CISA Warns of Truebot Malware Infecting US and Canadian Networks

Kamso Oguejiofor-Abugu, Writer

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS), has issued a joint cybersecurity advisory regarding the emergence of new variants of Truebot malware targeting organizations in the United States and Canada.

Truebot, also known as Silence.Downloader, is a botnet that has been utilized by malicious cyber groups like the CL0P Ransomware Gang to gather and exfiltrate sensitive information from their victims.

According to the advisory, older versions of Truebot were primarily delivered through malicious email attachments in phishing campaigns. However, more recent iterations of the malware exploit a remote code execution vulnerability found in the Netwrix Auditor application (CVE-2022-31199) to gain initial access.

“Though phishing remains a prominent delivery method, cyber threat actors have shifted tactics, exploiting, in observable manner, a remote code execution vulnerability (CVE-2022-31199) in Netwrix Auditor — software used for on-premises and cloud-based IT system auditing,” the advisory reads. “Through exploitation of this CVE, cyber threat actors gain initial access, as well as the ability to move laterally within the compromised network.”

To mitigate the risk posed by Truebot malware, the authoring organizations recommend several measures, including increasing phishing awareness among employees, applying patches for the CVE-2022-31199 vulnerability, and updating the Netwrix Auditor to version 10.5.

The advisory also recommends that organizations limit the use of the Auditor application to internally facing networks. Failure to follow this recommendation exposes systems to an increased risk of CVE-2022-31199 exploitation.

Organizations are urged to promptly implement the recommended mitigations outlined in the joint advisory, apply patches for CVE-2022-31199, and report any incidents or anomalous activities to relevant authorities such as CISA, the FBI, or the MS-ISAC.

By staying informed, addressing vulnerabilities, and adhering to best practices, organizations can enhance their cybersecurity defenses and protect against the evolving threat of the Truebot malware and similar malicious activities. Continuous monitoring and collaboration with trusted sources and authorities are vital for maintaining a robust defense against cyber threats.

About the Author


Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.