U.S. and Canadian authorities are alerting organizations to watch out for new malware variants of the robot network Truebot, which are increasingly infecting the IT systems of private and public entities in both countries.
The Cybersecurity and Infrastructure Security Agency on Thursday published a joint cybersecurity advisory co-authored by the FBI, Multi-State Information Sharing and Analysis Center and the Canadian Centre for Cyber Security.
Truebot, known to some as Silence.Downloader, is being used by cyber threat actors including the CL0P Ransomware Gang to plant malicious redirect hyperlinks in e-mails and steal information from target organizations. CISA noted an increase in malware incidents involving Truebot since May 31 of this year.
The cybercriminals exploit a vulnerability in the Netwrix Auditor software for cloud-based and on-premises auditing. To mitigate this risk, the agencies are urging organizations to apply vendor patches to the software and require all personnel and services to implement phishing-resistant multifactor authentication.