In an operation involving multiple partners, Microsoft (MSFT) launched a series of "technical actions" to disrupt the Trickbot botnet. The botnet's operators remain unknown, but it would appear that the network is at least temporarily hindered or out of service.

Microsoft's announcement of its successful operation was released on Monday. The operation, intended to cut back on potential threats ahead of the November presidential election, was far-reaching and involved an estimated 1 million electronic devices that had been infected with Trickbot malware. Microsoft, using evidence gathered by its Digital Crimes Unit, received a court order allowing Microsoft and its partners to "disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers," according to the announcement.

Trickbot posed a considerable threat to the election, given its broad reach and the relative secrecy the network's operators enjoyed until Microsoft's investigation. Trickbot acts as a form of malware that plants itself in devices and steals login credentials. Microsoft believes that the network was also used as part of a "malware-as-a-service" scheme, in that the network could be used by its operators to deliver malware for customers.

Microsoft's operation was intended to help shore up American defenses against cyberattacks on election infrastructure. While it's not known whether Trickbot was intended to interfere in the election, or was actively being used to do so, its capabilities were well within range to do so.

"They could tie up voter registration rolls, election night reporting results and generally be extremely disruptive. Taking out one of the most notorious malware groups, we hope, will reduce the risk of ransomware's impact on the election this year," said Microsoft Vice President of Customer Security and Trust Tom Burt.