Security News > 2022 > April > US disrupts Russian Cyclops Blink botnet before being used in attacks
US government officials announced today the disruption of the Cyclops Blink botnet linked to the Russian-backed Sandworm hacking group before it was used in attacks.
The malware, used by Sandworm to create this botnet since at least June 2019, is targeting WatchGuard Firebox firewall appliances and multiple ASUS router models.
"We are announcing today [.] the disruption of a global botnet controlled by the Russian military intelligence agency, commonly known as the GRU," US Attorney General Merrick Garland said.
"The Russian government has recently used similar infrastructure to attack Ukrainian targets. Fortunately, we were able to disrupt this botnet before it could be used."
The FBI has also notified owners of compromised devices in the United States and abroad through foreign law enforcement partners before removing the Cyclops Blink malware.
US victims whose contact info was not found were contacted by their providers following notices issued by the FBI. FBI Director Chris Wray said the botnet was disrupted following close cooperation with Watchguard while analyzing the malware and developing detection tools and remediation techniques.
News URL
Related news
- US warns of last-minute Iranian and Russian election influence ops (source)
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)