Rising TrueBot Malware Attacks Prompt Cybersecurity Agencies' Warning
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a warning about Truebot malware variants that are exploiting a critical remote code execution (RCE) vulnerability in Netwrix Auditor software. The attacks have targeted organizations in the United States and Canada. The vulnerability, tracked as CVE-2022-31199, allows unauthorized attackers to execute malicious code with SYSTEM user privileges. Truebot is associated with the Russian-speaking Silence cybercrime group and is used by the TA505 group to deploy Clop ransomware. The attackers also install the FlawedGrace Remote Access Trojan (RAT) and Cobalt Strike beacons for further malicious activities. Organizations are advised to apply patches, update Netwrix Auditor, and implement mitigation measures.