FBI Shut Down Russia-linked “Cyclops Blink” Botnet That Infected Thousands of Devices

The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

“The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command-and-control (C2) of the underlying botnet,” the DoJ said in a statement Wednesday.

In addition to disrupting its C2 infrastructure, the operation also closed the external management ports that the threat actor used to establish connections with the firewall appliances, effectively severing contact and preventing the hacking group from using the infected devices to commandeer the botnet.

The March 22 court-authorized disruption of Cyclops Blink comes a little over a month after intelligence agencies in the U.K. and the U.S. described the botnet as a replacement framework for the VPNFilter malware that was exposed and sinkholed in May 2018.

Cyclops Blink, which is believed to have emerged as early as June 2019, primarily targeted WatchGuard firewall appliances and ASUS routers, with the Sandworm group leveraging a previously identified security vulnerability in WatchGuard’s Firebox firmware as an initial access vector.

A follow-up analysis by cybersecurity firm Trend Micro last month suggested the possibility that the botnet is an attempt to “build an infrastructure for further attacks on high-value targets.”

“These network devices are often located on the perimeter of a victim’s computer network, thereby providing Sandworm with the potential ability to conduct malicious activities against all computers within those networks,” the DoJ added.

Details of the security flaw were never made public beyond the fact that the company addressed the issue as part of software updates issued in May 2021, with WatchGuard noting to the contrary that the issues were internally detected and that they Read more:https://bit.ly/3LUqH4J

Leave a Reply

Your email address will not be published. Required fields are marked *