CISA and FBI are warning of ongoing TrickBot attacks despite security firms took down the C2 infrastructure of the infamous botnet in October.
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warn of ongoing Trickbot attacks despite in October multiple security firms dismantled its C2 infrastructure in a joint operation.
On Wednesday, the two US agencies published an advisory to warn organizations of a new wave of attacks conducted by cybercrime actors that are leveraging a traffic infringement phishing scheme to trick victims into installing the TrickBot malware.
“The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing campaigns using TrickBot malware in North America. A sophisticated group of cybercrime actors is luring victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot.” reads the advisory.
TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features.
The joint advisory includes Indicators of Compromise (IoCs) and mitigations for these attacks.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.