CISA and Partners Warn of Escalated Truebot Activity: the Latest Cyber Threat

In a joint cybersecurity advisory, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) have raised the alarm regarding an increase in Truebot malware activity, specifically targeting networks in the U.S. and Canada.

The advisory, “Increased Truebot Activity Infects U.S. and Canada Based Networks,” is the culmination of a collaborative effort among these organizations to help businesses detect and guard against these newly minted Truebot malware variants.

Based on open-source reporting and analysis of Truebot variants, these organizations assess that cyber threat actors have distributed this malware through sophisticated phishing campaigns. These campaigns typically contain malicious redirect hyperlinks, which serve as the initial attack vector.

A point of concern is that the more recent iterations of the Truebot malware have been programmed to exploit a known vulnerability in the Netwrix Auditor application (CVE-2022-31199). As recently as May 2023, cyber criminals leveraged this vulnerability to propagate new Truebot variants and pilfer valuable information from organizations based in the U.S. and Canada.

The advisory explicitly encourages all organizations to scrutinize its contents and act swiftly to implement the recommended mitigation strategies. These include applying the necessary patches for CVE-2022-31199 to minimize the probability and impact of a Truebot-related incident, as well as mitigating the risk of other ransomware-related attacks.