Microsoft and Partners Disrupt Prolific ZLoader Botnet
Microsoft has revealed a recent operation that helped to take down a notorious Trojan used by prolific hacking groups around the world. The groups leveraged a Trojan called ZLoader to conduct ransomware and other cyberattacks. Similar to other botnets such as TrickBot and Emotet, ZLoader was developed from the Zeus banking Trojan but has since undergone significant development and gained new functionality. While it began as a banking Trojan, ZLoader is now used to compromise devices, and its operators sold access to those compromised devices to other threat actors, who then used it to download additional payloads.
ZLoader has been linked to high-profile ransomware campaigns such as Ryuk, DarkSide, and BlackMatter. Microsoft reportedly obtained a court order to take over 65 command and control domains used by the group behind the Trojan. Microsoft then redirected those domains to a sinkhole, so the botnet's operators can no longer use them to reach the command and control servers. Microsoft acknowledged, however, that the threat actors behind ZLoader would likely try to revive the botnet, so it may return soon.