Behind the heavy cyber attack thwarted by the FBI and the United States Department of Justice, which had infected thousands of network devices manufactured by WatchGuard and ASUS, is the Chief Information Directorate of the Russian government. The Cyclops Blink malware is attributed to Sandworm, a hacker group operating on behalf of the Glavnoe razvedyvatel’noe upravlenie (GRU) of the General Staff of the Armed Forces of the Russian Federation. The US-led operation is part of the country’s broader campaign to defend against cyber attacks from Moscow.
The US Department of Justice was authorised by courts in California and Pennsylvania to hack the command and control servers that Sandworm used to reach the networked devices, infect them and take control of them. The malware was thus removed, disrupting the Russians’ control over the botnet (i.e. the network of infected devices). In the words of the attorney for the Western District of Pennsylvania, Cindy K. Chung:
We have identified, interrupted and exposed another example of the Russian GRU hacking innocent victims in the United States and around the world. Such activities are not only criminal, but also threaten the national security of the United States and its allies.
The facts date back to the end of February, when the UK and the US identified Cyclops Blink, a malware known since 2019 that targets WatchGuard and ASUS network devices and, through them, every computer connected to the same network. Both companies promptly released patches to close the flaw, but despite that speed it was found in mid-March that the devices initially infected were still compromised.
At that point the DoJ intervened: once it had obtained the court’s permission to conduct a legal hack, it copied and removed the malware from all the command and control devices, simultaneously closing the access doors used by Sandworm and interrupting its control over the infected bots. Breaking the chain does not, however, mean that the malware has been completely eliminated from the affected devices; WatchGuard and ASUS are still working on further corrective patches.
Credits opening image: Pixabay