FBI-Led Operation Disrupts Russian GRU Botnet
The operation removed the "Cyclops Blink" malware from the infected firewall devices that made up the Sandworm hacking team's botnet and cut off the group's remote access to them.
April 6, 2022
The FBI in March targeted and disabled the command and control communications of a botnet controlled by the infamous Russian General Staff Main Intelligence Directorate (GRU) hacking team Sandworm, the US Department of Justice (DoJ) announced today.
The botnet consisted of WatchGuard Technologies and ASUSTek Computer (ASUS) firewall devices infected with the Cyclops Blink malware, which the Cybersecurity and Infrastructure Security Agency (CISA) first warned about on Feb. 23. In an FBI-led operation, officials removed the Cyclops Blink malware from the compromised devices, which had given Sandworm potential access to systems inside the networks of the firewall operators.
WatchGuard and ASUS both issued detection and remediation guidance for their firewall customers on Feb. 23, but as of March most of the thousands of devices on the botnet were still infected.
In addition to removing the malware from the devices, the FBI also closed the remote management ports Sandworm had opened to reach them. That cut off Sandworm's access to the devices, but WatchGuard and ASUS device owners still must carry out the detection and remediation steps published by the two vendors to ensure Sandworm cannot regain access, the DoJ said.
"If you believe you have a compromised device, please contact your local FBI Field Office for assistance. The FBI continues to conduct a thorough and methodical investigation into this cyber incident," the DoJ stated in its press advisory on the operation.
Cyclops Blink replaced a previous Sandworm botnet that ran on VPNFilter, which the DoJ sinkholed in May 2018.