Feds take down Kremlin-backed Cyclops Blink botnet

2022-04-06 19:24

The US Justice Department today revealed details of a court-authorized take-down of command-and-control systems the Sandworm cyber-crime ring used to direct network devices infected by its Cyclops Blink malware.

The move follows a joint security alert in February from US and UK law enforcement that warned of WatchGuard firewalls and ASUS routers being compromised to run Cyclops Blink.

During the March 22 court-authorized operation, the Feds removed malicious code from "Thousands" of firewall appliances that Sandworm compromised to act as command-and-control systems for the Cyclops Blink botnet.

The operation did not access the remote-control Cyclops Blink malware on thousands of individual devices worldwide.

In the joint February alert, the agencies noted that Cyclops Blink targeted WatchGuard and ASUS hardware.

According to the Justice Department, by mid-March, a majority of the compromised appliances were still infected with Cyclops Blink.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/06/takedown_cyclops_blink/

#botnet #FED #kremlin