
In January, Microsoft got a US court order allowing it to seize a website used by a foreign-based threat actor distributing tools for bypassing the safety guardrails of generative AI services from several tech companies, including its own. The threat actor’s software exploited exposed customer credentials scraped from public websites.
And in August, the US Justice Department announced coordinated actions against the BlackSuit (Royal) Ransomware group, which included the takedown of four servers and nine domains, with the help of the FBI and international law enforcement agencies in the United Kingdom, Germany, Ireland, France, Canada, Ukraine, and Lithuania.
However, threat actors can be resilient. For example, in 2020 Microsoft, Symantec, ESET, communications provider NTT, and Lumen Technologies joined with others to get a US court order directing web hosting providers to take down the IT infrastructure distributing the TrickBot botnet. But according to researchers at Huntress, TrickBot is still being used by threat actors for remote access.
