The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Canadian Centre for Cyber Security (CCCS), released a new Cybersecurity Advisory (CSA) on July 6 warning against Truebot malware variants.
The agencies warned that Truebot malware has recently been utilized to target organizations in the United States and Canada to obtain sensitive data.
“In recent months, open-source reporting has detailed an increase in Truebot malware infections,” particularly from cyber threat actors using new tactics, techniques, and procedures (TTPs), and delivery methods, the agencies said.
“Based on the nature of observed Truebot operations, the primary objective of a Truebot infection is to exfiltrate sensitive data from the compromised host(s) for financial gain,” they said.
The techniques cyber criminals use to deliver Truebot malware to victims include phishing and exploitation of CVE-2022-31199, a remote code execution vulnerability.
“Cyber threat actors have shifted tactics, exploiting, in observable manner, a remote code execution vulnerability software used for on-premises and cloud-based IT system auditing,” stated the agencies.
“Through exploitation of this CVE, cyber threat actors gain initial access, as well as the ability to move laterally within the compromised network,” they said.
CISA and its partners said that organizations should use phishing-resistant multifactor authentication (MFA) to mitigate any possible use of Truebot malware against them, and should continually test their cybersecurity measures.
“The authoring organizations recommend hunting for the malicious activity using the guidance outlined in this CSA, as well as applying vendor patches,” they said.