Microsoft disrupts hacking operation that threatens US election

Microsoft Logo at Ignite (Image credit: Windows Central)

What you need to know

  • Microsoft received a federal court order that allowed it to disrupt Trickbot, a dangerous botnet.
  • Microsoft's actions disabled IP addresses associated with Trickbot's servers.
  • The actions represent a "new legal approach" to fighting these types of attacks.

Microsoft and several organizations worked together to stop a hacking operation that could potentially threaten the upcoming U.S. election if left unchecked (via CNN). Microsoft's efforts disrupt Trickbot, a dangerous botnet that criminals use to distribute ransomware.

Microsoft highlights in a blog post that experts believe ransomware is one of the largest threats to the upcoming U.S. elections. Ransomware can be used to lock computer systems used as part of the election, such as devices that maintain voter rolls or systems that report election results.

To disrupt Trickbot, Microsoft received a federal court order that allowed the company to disable IP addresses associated with Trickbot's services. Microsoft worked with telecommunication partners around the world to execute its plans. Microsoft's actions happen alongside efforts by US Cyber Command to disrupt cyber criminals, as explained by the Washington Post.

Microsoft analyzed approximately 61,000 samples of Trickbot malware during its investigation. Trickbot provides "malware-as-a-service," which means that the people behind Trickbot can give others access to infected machines. This allows them to deliver malware, including ransomware, to infected devices. In addition to infecting PCs, Trickbot has also infected IoT devices.

"We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems," explains Microsoft corporate vice president Tom Burt.

These efforts represent a "new legal approach," according to Microsoft. The company also notes that criminals will likely be able to adapt and find new ways to proceed with their plans. The new approach could then be used to help fight adapted attacks going forward.

Burt explains in Microsoft's blog post:

"We fully anticipate Trickbot's operators will make efforts to revive their operations, and we will work with our partners to monitor their activities and take additional legal and technical steps to stop them."

Disrupting Trickbot will also help protect financial services institutions, government agencies, healthcare facilities, businesses, and universities from malware attacks that are enabled by Trickbot.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage.

  • Now if they could only remove the main problem, the human element and their stupidity...
  • Totally true. 😂 But still govt systems will run on 1 year old security patches then complain about vulnerability.
  • It's ridiculous that Microsoft has to go on its own instead of the government taking any action. If our election is in danger from foreign interference, then why does the government play sit and spin? We have the president complaining that our voting system is at risk and instead of doing anything just says don't trust the results. Unless he wins of course... When this was first brought up the president said there was eternity until the election, so basically with eternity time on his hands he couldn't do anything to make it safe. If the election is tampered with, it is a failure under his watch. Just another failure from this administration.
  • Don't you know? It's communism when the government does things...