Increased Truebot malware infections identified by threat intelligence research group Cisco

The threat intelligence research group Cisco identified an increase in Truebot malware infections, with a high possibility of association with the Evil Corp threat actor. Of the two botnets identified, the first is distributed worldwide (focusing on Mexico, Pakistan, and Brazil), while the second is mainly focused on the USA.

Cisco also found that the attackers shifted among various delivery techniques. In October 2022, many infections used Raspberry Robin, a recent malware spread through USB drives, as a delivery vector. One of these attacks involved a fully featured custom data exfiltration tool named Teleport, which was used to steal information. So far, two Truebot botnets have been identified. The first is distributed worldwide, focusing on Mexico, Pakistan, and Brazil. In contrast, the second mainly focuses on the USA and is almost exclusively composed of Windows servers.