Microsoft eliminates extensive hacking operation, calling it a possible threat to 2020 election

Microsoft took down a massive hacking operation that it believes had the ability to indirectly impact election infrastructure if allowed to continue, CNN reports.

Microsoft announced Monday that an extensive malware network called Trickbot was being used by criminals to launch cyberattacks.

According to CNN, Microsoft secured a federal court order to disable the IP addresses associated with Trickbot's servers, and then worked with telecom providers around the world to eradicate the network.

Trickbot allegedly worked by offering hackers the ability to inject vulnerable computers, routers and other devices with malware such as ransomware, which Microsoft and US officials warned could pose a risk to websites that display election information or to third-party software vendors that provide services to election officials.

"Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust," Microsoft VP of security Tom Burt wrote in a blog post.

Ransomware could pose a risk to the election process if systems designed to support voting are brought down, says Check Point threat analyst Lotem Finkelsteen, but so far experts regard it as "mainly a hypothetical threat right now."

CNN explained that ransomware seizes control of target computers and freezes them until victims pay up — though experts urge those affected by ransomware not to encourage hackers by complying with their demands. The Treasury Department has warned that paying ransoms could violate US sanctions policy.

He added: "We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems."

The Washington-based technology company admitted the strong likelihood of the attackers eventually finding a way to resume their criminal activities. But Microsoft remains confident in its new approach to such cyber crimes; they're poised to once again, eliminate all traces of the hackers activity via a "new legal approach."

In a separate technical report from Microsoft that was distributed Monday, Microsoft said Trickbot has been used to spread the Ryuk ransomware;apparently, the network was doing so at an astounding rate, attacking 20 organizations per week, and reportedly compromised Universal Health Services, which is one of the nation's largest hospital companies.

Microsoft said that since 2016, Trickbot has targeted more than 1 million computing devices across the globe and its operators have acted on behalf of both governments and criminal organizations, but their exact identity remains ambiguous.

The Washington Post reports that the US Cyber Command also took steps to take down the cybercriminals.