URL: https://gizmodo.com/massive-russian-botnet-targeting-asus-routers-disrupted-1848757190

© 2022 G/O Media

Privacy and Security


Massive Russian Botnet Targeting ASUS Routers Disrupted Before It Could Attack, FBI Says


In March, U.S. law enforcement conducted an operation to disrupt "Cyclops Blink," a botnet run by one of Russia's most fearsome hacker gangs.

By Lucas Ropek

Wednesday 3:30PM

Photo: seksan Mongkhonkhamsao (Getty Images)


U.S. officials have revealed a previously undisclosed law enforcement operation
against “Sandworm,” the powerful Russian hacking team known for its dexterous
and destructive capabilities.

The operation, which took place in March, saw the FBI secure court authorization
to hack and disrupt “Cyclops Blink,” a large botnet of thousands of
malware-infected devices allegedly operated by the Russian hackers.

During a press conference Wednesday morning, Justice Department and FBI
officials explained that they had recently secured legal authorization from
courts in California and Pennsylvania to hack command and control (C2) servers
used by Sandworm to operate the malicious network. The operation removed the
malware from those C2 devices, severing the botnet operators from their bot
herds and disabling the malicious network at its source.

While the devices that were previously controlled by the C2s, i.e., the “bots,”
are still infected by Sandworm’s malware, they can no longer be controlled by
the network’s operators, officials said.

“This operation is an example of the FBI’s commitment to combatting cyber
threats through our unique authorities, capabilities, and coordination with our
partners,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division
during the media appearance. “As the lead domestic law enforcement and
intelligence agency, we will continue pursuing cyber actors that threaten the
national security and public safety of the American people, our private sector
partners and our international partners.”

The menacing entity at the center of this operation, Sandworm, is thought to be
one of the Russian government's most fearsome and talented hacking groups.
Threat researchers believe it is operated by the Main Intelligence Directorate
of the General Staff of the Russian Armed Forces, or GRU, one of Russia's top
intelligence agencies. In the past, it has been blamed for numerous large,
destructive hacks, including a cyberattack on Ukraine's power grid in 2015 that
temporarily led to widespread outages.

"Cyclops Blink," the modular malware deployed by Sandworm, is a malicious Linux
ELF executable that officials say has been used to infect thousands of network
hardware devices scattered throughout the world. Most recently, Sandworm pivoted
to using "Blink" to infect firewall appliances from WatchGuard Technologies and
routers from ASUSTek Computer (ASUS). Such devices sit at the network edge and
are used for network security and connectivity, primarily in home office
environments and by small to mid-size businesses. In February, law enforcement
and cybersecurity officials in the U.S. and Europe warned of Sandworm's new
campaign to infect devices using the "Blink" malware, noting that it was mostly
targeted at WatchGuard devices.

When reached for comment, WatchGuard told Gizmodo that after hearing of the
infections it had worked quickly to release “detection and remediation tools to
protect its partners and customers” and that the “Cyclops” infections had
ultimately affected “less than 1% of WatchGuard appliances.”

Botnets are commonly used to conduct cyberattacks and to support other
malicious criminal activity. However, U.S. officials say they were able to
disrupt "Blink" before it could be effectively "weaponized."

During Wednesday’s press conference, Attorney General Merrick Garland explained
that the takedown of “Cyclops Blink” had been part of a broader push by U.S.
agencies to stamp out Russian criminal activity—and to punish Russia for its
recent military invasion of Ukraine.

“The Russian government has recently used similar infrastructure to attack
Ukrainian targets. Fortunately, we were able to disrupt this botnet before it
could be used,” said Garland. “Thanks to our close work with international
partners, we were able to detect the infection of thousands of network hardware
devices. We were then able to disable the GRU’s control over those devices
before the botnet could be weaponized.”

Garland also noted America’s role in Tuesday’s takedown of the
“Russia-affiliated” darknet marketplace Hydra, which was initially announced by
German federal police. Garland added that charges had been filed against a
“Russian national” who is believed to be the administrator of the “market’s
technical infrastructure.”
