Cyber Threat Alert: US and Canada Issue Warning on Surge in Truebot Malware Attacks
US and Canadian cybersecurity agencies have jointly issued a warning about a surge in Truebot malware activity, highlighting new tactics, techniques, and procedures (TTPs) employed by threat actors. The advisory, released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS), sheds light on the evolving nature of Truebot malware and its potential impact on organizations in the US and Canada.
Notorious cyber-criminal groups, including Clop and Silence, have been using Truebot malware to infiltrate victims and exfiltrate sensitive information. Previous variants of Truebot were predominantly distributed via malicious phishing email attachments. However, recent observations indicate a shift in approach, with threat actors increasingly exploiting a known vulnerability, CVE-2022-31199, to deliver Truebot and grow its botnet.
CVE-2022-31199 is a remote code execution vulnerability in Netwrix Auditor, a software product widely used for auditing IT systems in both on-premises and cloud environments. By exploiting this vulnerability, attackers can gain initial access to a network and then move laterally within it.
According to the advisory, once the malicious file is downloaded, Truebot malware renames itself and deploys FlawedGrace, a remote access tool (RAT). This RAT can then modify registry and print spooler programs, allowing it to escalate privileges and establish persistence within the system.
The agencies involved in the advisory also noted that Truebot has been observed in conjunction with other malware delivery vectors and tools, including Raspberry Robin and Cobalt Strike.
To mitigate the escalating threat from Truebot, organizations are strongly advised to implement several measures. These include closely monitoring and controlling software execution, as well as applying vendor patches specifically designed to address the Netwrix Auditor vulnerability.
The advisory concludes by urging organizations to promptly take action if indicators of compromise (IOCs) are identified within their networks. It advises implementing the incident response and mitigation measures outlined in the advisory, while also reporting any intrusions to CISA or the FBI.
The warning highlights the critical importance for organizations to remain vigilant and take immediate steps to safeguard their systems against the evolving and increasingly sophisticated Truebot malware. By staying informed and implementing the recommended security measures, organizations can help protect themselves from potential cyber threats.
Key Highlights:
- US and Canadian authorities issue a joint advisory warning about increased Truebot malware activity.
- Truebot malware variants are being used by notorious cyber-criminal gangs to target organizations in the US and Canada.
- Threat actors are exploiting the CVE-2022-31199 vulnerability in Netwrix Auditor software to gain initial access to compromised networks.
- Truebot malware renames itself and deploys FlawedGrace to escalate privileges and establish persistence within the system.
- Truebot has been observed in association with other malware delivery vectors and tools, including Raspberry Robin and Cobalt Strike.
- Organizations are advised to monitor and control software execution, apply vendor patches, and report any intrusions to authorities.