U.S. Disrupts Global ‘Botnet’ Controlled by Russian Military, Justice Department Says

The United States disrupted a global “botnet” controlled by the Russian military intelligence agency known as the GRU, the Justice Department announced on April 6.

The Justice Department said that a court-authorized operation conducted in March disrupted a global “botnet” of thousands of infected network hardware devices controlled by a group within the GRU known to security researchers as Sandworm Team.

The operation copied and removed malware known as “Cyclops Blink” that Sandworm implanted on thousands of network devices made by WatchGuard Technologies Inc. and ASUSTek Computer Inc.

Attorney General Merrick Garland told reporters that the Russian government used similar infrastructure to attack Ukrainian targets.

“Fortunately, we were able to disrupt this botnet before it could be used… We were then able to disable the GRU’s control over those devices before the botnet could be weaponized,” Garland said.

However, Federal Bureau of Investigation Director Christopher Wray warned that “any Firebox devices that acted as bots may still remain vulnerable in the future until mitigated by their owners, so those owners should still go ahead and adopt WatchGuard’s recommended detection and remediation steps as soon as possible.”

Wray told reporters that authorities are continuing to conduct a “thorough and methodical investigation.”

© Fourth Estate® — All Rights Reserved.