Trickbot malware crypting examined

SecurityWeek reports that the Trickbot Group, also known as ITG23 or Wizard Spider, has rapidly expanded its operations since it deployed the TrickBot malware family six years ago and has now moved to automated malware crypting. Since emerging in 2016, the group has developed the Anchor and BazarLoader malware strains and entered the ransomware space with Ryuk, Conti, and Diavol, according to a report from IBM Security's X-Force division. Despite the group's long experience with malware crypting, it was found to have set up a Jenkins build server last April to automate the process, which is used to crypt the TrickBot, Cobalt Strike, Emotet, IcedID, Qakbot, Sliver, Gozi, Colibri, and BazarLoader malware strains, as well as the Conti, AstroLocker, Quantum, and MountLocker ransomware families. "ITG23 is best thought of as a group of groups, not unlike a large corporation, who report to common upper management and share infrastructure and support functions, such as IT and human resources. One of these support groups within ITG23 is dedicated to developing crypters for use with the group's own malware operations as well as for several other groups," said IBM.
