FBI secretly took down massive Russian botnet last month

An FBI operation in March took out a massive botnet controlled by Russian intelligence.

The operation copied and removed malware known as ‘Cyclops Blink’ from the botnet’s command-and-control devices, disrupting Russia’s control over thousands of infected devices worldwide.

The ‘successful’ operation was revealed on Wednesday by the US Justice Department (DoJ) but came with a warning that device owners should still review the initial February 23 advisory to secure their compromised devices and prevent reinfection.

Since news first emerged in February about the rising threat of Cyclops Blink, thousands of compromised devices had been secured by owners.

However, the ‘majority’ of infected devices were still compromised by mid-March, prompting the DoJ to seek a court-ordered operation.

Cyclops Blink is believed to be the successor to VPNFilter, a botnet largely neglected after it was exposed by security researchers in 2018.

Both Cyclops Blink and VPNFilter are attributed to Sandworm, a group of hackers working for the Russian Federation’s Main Intelligence Directorate (GRU), the country’s military intelligence unit.

The operation effectively prevented Sandworm from ‘accessing these C2 devices, thereby disrupting Sandworm’s control of the infected bot devices controlled by the remediated C2 devices’, said the DoJ’s statement.

‘The operation did not involve any FBI communications with bot devices,’ it added.

While the goal of the Cyclops Blink botnet is unclear, security researchers say the botnet is capable of collecting information and conducting espionage, as well as launching distributed denial-of-service (DDoS) attacks that overload websites and servers with junk traffic.

The attacks could render the devices inoperable and cause system and network disruptions.

Sandworm is particularly known for launching disruptive hacks over the years, including knocking the Ukrainian power grid offline, using malware to try to blow up a Saudi petrochemical plant, and more recently deploying a destructive wiper targeting the Viasat satellite network over Ukraine and Europe.

The operation disrupted a ‘two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm’, said the DoJ’s statement.

‘The FBI has an unwavering commitment to combat and disrupt Russia’s efforts to gain a foothold inside U.S. and allied networks,’ said Special Agent in Charge Mike Nordwall of the FBI’s Pittsburgh Field Office.