July 6, 2023

Increased Truebot Activity Infects U.S. and Canada Based Networks

July 6, 2023

What we know so far

This joint advisory by CISA, FBI, MS-ISAC, and CCCS addresses the emergence of new Truebot malware variants targeting organizations in the US and Canada. Truebot, also known as Silence.Downloader, is a botnet used by malicious groups like CL0P Ransomware Gang to steal information from victims. Previously, Truebot was spread through phishing emails, but the newer versions exploit a vulnerability (CVE-2022-31199) in Netwrix Auditor to gain access and deploy the malware on a larger scale. Threat actors now use both phishing campaigns with malicious links and CVE-2022-31199 to distribute these new Truebot variants.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories