
CISA and FBI Issue Warning on Truebot Threats in U.S. and Canada

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and other agencies issued warnings in response to threat actors using Truebot malware variants against businesses in the United States and Canada.

How the New Truebot Variants Operate

On May 31, 2023, the aforementioned agencies noticed an increase in hackers utilizing variants of Truebot (also known as Silence.Downloader). Truebot is a botnet used by cyber groups like the CL0P Ransomware Gang to pilfer data from their targets.

Furthermore, the new variants help hackers gain initial access by exploiting CVE-2022-31199 (a remote code execution vulnerability in the Netwrix Auditor application), enabling the deployment of the malware at scale within the compromised system.

However, the cybersecurity advisory does not provide specific details of victims or the number of corporations impacted by the TrueBot attacks.

The report also highlights the involvement of the Raspberry Robin malware in attacks using these variants, along with other post-compromise malware like IcedID and Bumblebee.

By utilizing Raspberry Robin as an operating platform, threat actors can reach more targeted victims and intensify the impact of their malicious operations.

Given that the Silence and TA505 groups are actively infiltrating networks for monetary benefit, organizations must implement suggested security measures.

Safety Recommendations

The authoring agencies advised looking out for malicious activity using the guidance outlined in this CSA, as summarized below:

Install updates: Businesses and corporations alike that use Netwrix Auditor should install the necessary updates to mitigate the CVE-2022-31199 vulnerability and update their software to version 10.5 or above.

Enhance security protocols: Implement multi-factor authentication (MFA) for all employees and services.

Report any incidents: If an organization notices IOCs or suspects a TrueBot infiltration, it must swiftly act in accordance with the incident response actions laid out in the warning and report the incident to CISA or the FBI.
