Security News > 2022 > April > US disrupts Russian Cyclops Blink botnet before being used in attacks
US government officials announced today the disruption of the Cyclops Blink botnet linked to the Russian-backed Sandworm hacking group before it was used in attacks.
The malware, used by Sandworm to create this botnet since at least June 2019, is targeting WatchGuard Firebox firewall appliances and multiple ASUS router models.
"We are announcing today [.] the disruption of a global botnet controlled by the Russian military intelligence agency, commonly known as the GRU," US Attorney General Merrick Garland said.
"The Russian government has recently used similar infrastructure to attack Ukrainian targets. Fortunately, we were able to disrupt this botnet before it could be used."
The FBI has also notified owners of compromised devices in the United States and abroad through foreign law enforcement partners before removing the Cyclops Blink malware.
US victims whose contact info was not found were contacted by their providers following notices issued by the FBI. FBI Director Chris Wray said the botnet was disrupted following close cooperation with Watchguard while analyzing the malware and developing detection tools and remediation techniques.
News URL
Related news
- New CMoon USB worm targets Russians in data theft attacks (source)
- Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks (source)
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- US cracks down on Russian disinformation before 2024 election (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (source)
- Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks (source)
- US proposes ban on Chinese, Russian connected car tech over security fears (source)
- US sanctions crypto exchanges used by Russian ransomware gangs (source)