FBI accesses US servers to dismantle botnet malware installed by Russian spies

The FBI remotely accessed and disinfected US-located devices running a powerful new strain of Russian state botnet malware that the Kremlin was using to wage stealthy hacks of its adversaries, federal authorities said Wednesday.

The infected devices were primarily made up of firewall appliances from WatchGuard and, to a lesser extent, network devices from ASUS. Both manufacturers recently issued advisories providing recommendations for hardening or disinfecting devices infected by Cyclops Blink, the latest botnet malware from Russia’s Sandworm, among the world’s most elite and destructive state-sponsored hacking outfits.

Regaining control

Cyclops Blink came to light in February in an advisory jointly issued by the UK’s National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI). WatchGuard said at the time that the malware had infected about 1 percent of network devices it made.
