The US has sanctioned a Russian hacker group of seven members that has attacked hospitals, companies and the US government, the US Treasury Department said on Thursday.
Cybercriminals, specifically those based in Russia, seek to target critical infrastructure and US businesses and exploit the international financial system, said Brian Nelson, Treasury Under Secretary.
What is Trickbot?
Trickbot is malware designed to steal banking data. A group of cybercriminals created the trojan to steal users' banking information. It is generally distributed through email campaigns that invite the recipient to open a malicious file or click a link that downloads malware onto the device.
The Trickbot trojan is alarming because it has been modified since its development to become more advanced and to expand its possible functions. It can steal individuals' credentials for banking services. It can download, or be downloaded by, other malware such as Emotet.
This malware is generally a threat to small, medium and large corporate entities. It can also target individuals. Banking information and emails can be compromised. Attackers can also gain access to a user’s system and network without the user’s knowledge.
The US government has flagged the malware as a major concern for elections. Its operators have also targeted the healthcare and public health sectors. It may be used to deploy ransomware for financial gain. This has resulted in an increased threat to US hospitals and healthcare providers.
Trickbot may transfer the data back to the attackers. Other data potentially at risk include domain names and IP ranges. Additionally, multiple entry points can be left on the system to introduce additional malware in the future.
Trickbot is capable of monitoring the Unified Extensible Firmware Interface (UEFI) and basic input/output system (BIOS) firmware of affected systems. Attackers can search for vulnerabilities that will assist them in essentially taking over the firmware of a device, as well as reading, writing or deleting data.