Security News > 2022 > April > US Disrupts Russian Botnet
The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation.
The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control of the underlying botnet.
Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as "Bots," the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices' control.
The botnet "Targets network devices manufactured by WatchGuard Technologies Inc. and ASUSTek Computer Inc." And note that only the command-and-control mechanism was disrupted.
The Justice Department made a point that they did this before the botnet was used for anything offensive.
News URL
https://www.schneier.com/blog/archives/2022/04/us-disrupts-russian-botnet.html
Related news
- US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’ (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- US warns of last-minute Iranian and Russian election influence ops (source)
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion (source)