FBI-Led Operation Disrupts Russian GRU Botnet
"Cyclops Blink" operation disabled firewalls behind the Sandworm hacking team's network of infected victim devices.
The FBI in March targeted and disabled the command and control communications of a botnet controlled by the infamous Russian General Staff Main Intelligence Directorate (GRU) hacking team Sandworm, the US Department of Justice (DoJ) announced today.
The botnet used WatchGuard Technologies and ASUSTek Computer (ASUS) firewalls compromised with the so-called Cyclops Blink malware, which the Cybersecurity and Infrastructure Security Agency (CISA) first warned about on Feb. 23. In an FBI-led operation, officials removed Cyclops Blink malware from the compromised firewalls that gave Sandworm potential access to systems within the firewall operators' networks.
WatchGuard and ASUS both issued detection and guidance for their firewall customers on Feb. 23, but most of the thousands of devices on the botnet were still infected as of March.
In addition to removing the malware from the devices, the FBI also closed the remote management ports Sandworm had opened to reach the devices. That cut off the Sandworm team's access, but WatchGuard and ASUS device owners must still carry out the detection and remediation steps provided by the two vendors to ensure Sandworm cannot abuse the devices again, the DoJ said.
"If you believe you have a compromised device, please contact your local FBI Field Office for assistance. The FBI continues to conduct a thorough and methodical investigation into this cyber incident," the DoJ stated in its press advisory on the operation.
Cyclops Blink replaced a previous Sandworm botnet that ran on VPNFilter, which the DoJ sinkholed in May 2018.