The Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment, and its partners are warning about a widespread increase in Truebot malware activity targeting organizations in Canada and the United States.
The joint cyber security advisory is co-signed by:
- The Canadian Centre for Cyber Security (Cyber Centre)
- The Cybersecurity and Infrastructure Security Agency (CISA)
- The Federal Bureau of Investigation (FBI)
- Multi-State Information Sharing and Analysis Center (MS-ISAC)
Cyber threat actors are using new variants of Truebot malware to exfiltrate large amounts of sensitive information for financial gain.
While previous Truebot variants were usually delivered via phishing email attachments, newer versions also exploit a vulnerability in the Netwrix Auditor application. This vulnerability allows a malicious actor to move laterally, execute code remotely and spread malware at scale.
The advisory contains technical details to help cyber defenders prevent and respond to Truebot malware activity, including delivery methods and indicators of compromise.
The Cyber Centre encourages organizations to implement the recommendations in this advisory.
Canadian organizations that discover Truebot malware activity are encouraged to report it via the My Cyber Portal or by email at contact@cyber.gc.ca.