Microsoft announced on Wednesday, April 13, that technology firms including Microsoft have taken legal and technical steps to stop a cybercriminal group whose malicious software has been used in ransomware attacks and other hacks around the world.
What Is ZLoader?
Microsoft's Digital Crimes Unit (DCU) has taken legal and technical steps to stop a criminal botnet known as ZLoader from being used to steal and extort money.
ZLoader is controlled by a global, internet-based organized crime group that operates it as malware-as-a-service, harvesting account login IDs, passwords, and other information in order to steal money from victims' accounts.
According to CNN, since ZLoader emerged in 2019 it has been used in a wide range of financially motivated hacking campaigns, many of them aimed at enterprises in North America.
What are the Legal and Technical Actions Used to Disrupt ZLoader?
Microsoft said it was granted a court order by the U.S. District Court for the Northern District of Georgia allowing it to take control of 65 domains that the ZLoader gang has been using to grow, control, and communicate with its botnet.
The domains have been redirected to a Microsoft sinkhole, where the botnet's criminal controllers can no longer access them.
The purpose of the disruption is to disable ZLoader's infrastructure and make it more difficult for this organized criminal gang to continue operating.
DCU led the investigation in collaboration with Black Lotus Labs, ESET, and Palo Alto Networks Unit 42, with additional data and insights from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Health Information Sharing and Analysis Center (H-ISAC), as well as the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Defender team. Avast also contributed to DCU's investigation in Europe.
According to Microsoft, the court action follows months of investigation that began before the current conflict in the region.
Denis Malikov, who lives in the city of Simferopol on the Crimean Peninsula, was named as one of the individuals behind a component that the ZLoader botnet uses to distribute ransomware.
Microsoft said it will work with internet service providers (ISPs) to identify and remediate victims.
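Once the command-and-control domains are sinkholed, infected hosts keep trying to resolve them, so a defender's own DNS query logs are the quickest place to look for victims without waiting on an ISP notification. The following is an added example, not code from the article or from Microsoft's DCU: it matches BIND-style query log lines (an assumed format) against a list of seized domains. The domains and log lines are constructed placeholders, since the article does not list the 65 real domains. It handles the details that trip up naive grep searches: case differences, trailing dots in fully qualified names, subdomains of a seized domain (which should match), and unrelated names that merely end in the same string (which should not).

```python
"""Match DNS query logs against a list of seized (sinkholed) C2 domains.

Added example, not from the article or from Microsoft's DCU. All domains and
log lines below are constructed placeholders, not real ZLoader infrastructure.
"""
import re
from collections import defaultdict

# Constructed stand-ins for a takedown IOC list (the article names no domains).
SEIZED_DOMAINS = {"zl-c2-example.net", "botupdate-example.com"}

# Constructed log lines in a BIND-style query log format (assumed format).
SAMPLE_DNS_LOG = """\
13-Apr-2022 09:14:02.113 client 10.0.4.21#53211: query: zl-c2-example.net IN A + (10.0.0.53)
13-Apr-2022 09:14:05.407 client 10.0.4.21#53211: query: www.zl-c2-example.net IN A + (10.0.0.53)
13-Apr-2022 09:15:11.002 client 10.0.7.9#40122: query: notzl-c2-example.net IN A + (10.0.0.53)
13-Apr-2022 09:16:40.555 client 10.0.9.3#51000: query: BOTUPDATE-EXAMPLE.COM. IN TXT + (10.0.0.53)
13-Apr-2022 09:17:01.100 client 10.0.7.9#40123: query: update.microsoft.com IN A + (10.0.0.53)
"""

# Pulls the querying client IP, the queried name and the record type out of a line.
LOG_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def normalize(name):
    """Lower-case and strip the trailing dot so 'Example.COM.' equals 'example.com'."""
    return name.lower().rstrip(".")


def matches_seized(qname, seized):
    """Return the seized domain that qname equals or is a subdomain of, else None.

    Matching on '.' + domain keeps 'notzl-c2-example.net' from matching
    'zl-c2-example.net' while still catching 'www.zl-c2-example.net'.
    """
    n = normalize(qname)
    for d in seized:
        d = normalize(d)
        if n == d or n.endswith("." + d):
            return d
    return None


def find_infected_hosts(log_text, seized=SEIZED_DOMAINS):
    """Map each client IP that queried a seized domain to the sorted list of domains it hit."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # skip lines that are not query records
        d = matches_seized(m.group("qname"), seized)
        if d:
            hits[m.group("src")].add(d)
    return {src: sorted(ds) for src, ds in hits.items()}


if __name__ == "__main__":
    for host, domains in sorted(find_infected_hosts(SAMPLE_DNS_LOG).items()):
        print(f"{host}: {', '.join(domains)}")
```

On the constructed log this flags 10.0.4.21 and 10.0.9.3 and correctly ignores 10.0.7.9, whose queries only look similar. Because sinkholed domains still resolve, the queries themselves are the signal; if your resolver also logs answers, a second check is whether the returned addresses belong to the sinkhole operator, but that requires the sinkhole address list, which this article does not provide.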
Microsoft's Latest Disruptions of Other Cyberattacks
On April 7, Microsoft said it had disrupted yet another wave of Russian hacking attempts aimed at media organizations and government institutions across Ukraine, the U.S., and the EU.
In a blog post, Tom Burt, Microsoft's Corporate Vice President of Customer Security and Trust, said Microsoft had stopped several cyberattacks by Strontium, a Russian GRU-linked actor targeting Ukraine. He said the company secured a court order on April 6 allowing it to take control of seven internet domains that Strontium, also known as Fancy Bear, was using to carry out the attacks.