US, Canadian Agencies Warn Organizations About New Truebot Malware Variants

Government agencies in the United States and Canada have issued a joint advisory to warn and protect organizations from new variants of Truebot malware.

According to the Cybersecurity and Infrastructure Security Agency, the FBI, the Multi-State Information Sharing and Analysis Center, and the Canadian Centre for Cyber Security, cyber threat actors previously used phishing emails containing redirect hyperlinks to expose systems to Truebot.

Newer variants, however, can be deployed via the exploitation of a remote code execution vulnerability within the Netwrix Auditor application.

The Cl0p ransomware gang is one of the malicious cyber groups that use Truebot to steal information from its victims, CISA said.

All organizations are encouraged to take action to prevent Truebot-related cyberattacks, including applying vendor patches to Netwrix Auditor, updating Windows PowerShell or PowerShell Core to support enterprise monitoring and incident response activities, disabling file and printer sharing services, and employing phishing-resistant multifactor authentication.

Entities are advised to report cyber incidents and anomalous activity to CISA, the FBI or MS-ISAC and visit StopRansomware .gov, a website that provides resources and services for improving cyber hygiene and reducing ransomware risks.