US blocks Russian network of thousands of spy computers


US cyber defense services spotted and then blocked the proliferation of malware. A famous group of Russian hackers is believed to be behind this cyberattack.

Washington is taking precautions. The FBI, the American federal police, announced on Wednesday, April 6, 2022, that it had dismantled a worldwide network made up of thousands of infected computers and controlled by the Russian intelligence services.

Concretely, cyber security services managed to block malicious software intended to create “botnets”, that is to say networks of infected computers that are then hijacked to attack or monitor a target. According to the New York Times, Washington is categorical: the botnet called Cyclops Blink is under the control of Sandworm, a unit of the Russian military intelligence service, the GRU. US and UK cyber defense agencies publicly attributed the malware to hackers in Moscow last February.

“The Russian government recently used similar infrastructure to attack Ukrainian targets,” Attorney General Merrick Garland told reporters. “Fortunately, we were able to block this botnet before it could be used.”

Paradoxically, the boxes of the cyberprotection company Watchguard were directly targeted by the malware. // Source: Watchguard

Cyclops Blink was designed to hijack devices made by Taiwanese company Asus and running WatchGuard’s firewall software, according to research by private cybersecurity firms. It provides Russian services with access to these compromised systems, offering the ability to exfiltrate or delete data remotely or turn the devices against a third party.

A group of Russian hackers specializing in mass hacking

FBI Director Chris Wray told Reuters reporters that his service “removed this malware from devices used by thousands of mostly small businesses”. He added: “we closed the door that the Russians had used to enter it”.

Sandworm is a well-known cyber defense unit, having been involved in attacks on Ukrainian power plants in 2015 and the mass hacking of connected devices during the opening ceremony of the 2018 Olympics in South Korea.


Since the start of Russia’s invasion of Ukraine, there have been several cyberattacks, such as the one against satellite internet company Viasat, which the Washington Post said was carried out by the Russian government. More recently, hackers linked to Moscow are said to have carried out a vast phishing campaign that used a booby-trapped link to take control of Telegram accounts.


