Microsoft and FBI Claim Thwarting Mass Cyberattacks

American technology giant Microsoft and the United States Federal Bureau of Investigation (FBI) claimed they had disrupted Russian mass cyberattacks after obtaining court orders.

The FBI announced on Wednesday that it had removed malware from devices around the world, most of them belonging to small businesses. FBI Director Christopher Wray said that the “sophisticated, court-authorized” operation disrupted “botnets”—networks of hijacked devices controlled by the Russian government’s military intelligence agency (GRU)—to prevent further harm.

Researchers and the FBI had identified the Russian GRU unit as the Sandworm Team, which had embedded a type of malware called Cyclops Blink on devices including security appliances.

Microsoft also disclosed it had redirected seven internet domains used by Strontium, a Russian GRU unit, to a sinkhole controlled by the tech company. The redirection made it possible to mitigate Strontium’s use of the domains and to notify the victims of the cyberattacks.

The tech company claimed that Strontium was using the internet domains to attack Ukrainian institutions such as media organizations.

“We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Microsoft said.

Wray said the FBI will continue to “go offense” against Russian cyber threats. Microsoft also vowed to work closely with governments and organizations to help in defending Ukraine against Russian attacks.


© Fourth Estate® — All Rights Reserved.