Security News > 2022 > April > US Disrupts Russian Botnet

US Disrupts Russian Botnet
2022-04-07 14:31

The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation.

The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control of the underlying botnet.

Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as "Bots," the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices' control.

The botnet "Targets network devices manufactured by WatchGuard Technologies Inc. and ASUSTek Computer Inc." And note that only the command-and-control mechanism was disrupted.

The Justice Department made a point that they did this before the botnet was used for anything offensive.


News URL

https://www.schneier.com/blog/archives/2022/04/us-disrupts-russian-botnet.html