Sarah N. Lynch
WASHINGTON (Reuters) – The FBI has wrested control of thousands of routers and firewall devices from Russian military hackers by hijacking the same infrastructure that Moscow spies use to communicate with the devices, U.S. officials said on Wednesday.
An unsealed redacted affidavit described the unusual operation as a pre-emptive move to stop Russian hackers from mobilizing infected devices into a “botnet” – a network of hacked computers that can bombard other servers with rogue traffic.
“Fortunately, we were able to disrupt this botnet before it was used,” U.S. Attorney General Merrick Garland said.
The Russian embassy in Washington did not immediately respond to an email seeking comment.
The targeted botnet is controlled by malware called Cyclops Blink, which cyber defense agencies in the US and UK publicly blamed in late February on “Sandworm,” said to be part of a team of hackers from Russia’s military intelligence service and accused of many other cyberattacks.
Cyclops Blink was designed to hijack devices made by WatchGuard Technologies Inc and ASUSTeK Computer Inc, according to research by the private cybersecurity firm. It gave Russian services access to these compromised systems, offering the ability to remotely leak or delete data or turn the devices against third parties.
WatchGuard released a statement confirming that it worked with the U.S. Department of Justice to disrupt the botnet, but did not disclose the number of affected devices — only saying they represented “less than 1 percent of WatchGuard devices.”
ASUSTeK, commonly known as ASUS, did not immediately respond to a message seeking comment.
FBI Director Chris Wray told reporters that the FBI secretly accessed thousands of routers and firewall devices with court approval to remove malware and reconfigure devices.
“We removed malware from devices that are used for cybersecurity by thousands of small businesses around the world,” Wray said. “We closed the door the Russians used to get into them.”
The affidavit noted that U.S. officials launched a publicity campaign “to inform owners of WatchGuard devices what they should do to fix the infection or vulnerability,” but less than half of the devices were repaired to repel the hackers.
The affidavit noted that the FBI worked in partnership with WatchGuard.
The news comes as a slew of new sanctions against Russian banks and elites are announced, days after grim images of civilian corpses taken up close in the town of Bucha surfaced.
Russia said its “special military operation” was aimed at the demilitarization and “denazification” of Ukraine and denied targeting civilians.
(Reporting by Sarah N. Lynch. Writing by Raphael Satter. Additional reporting by Satter and Christopher Bing; Editing by David Gregorio)