FBI Thwarts Hackers With Alleged Links to Russian Military Intelligence

The Federal Bureau of Investigation (FBI) has thwarted Russian hackers by taking control of thousands of routers and firewall appliances away from them by hijacking their infrastructure.

US officials said on Wednesday that the operation was a pre-emptive move to block the Russians hackers from mobilizing the compromised devices into a "botnet" that targets servers with rogue traffic, Reuters reported.

"Fortunately, we were able to disrupt this botnet before it could be used," US Attorney General Merrick Garland said, the agency reported. The Russian Embassy in Washington did not immediately return an email seeking comment.

Russian Hackers to target 2020 Tokyo Olympics, reveals Microsoft
Microsoft said that Russian hackers have carried out cyber-attacks against anti-doping agencies and sporting organizations all around the world. Reuters

More From Reuters:

The targeted botnet was controlled through malware called Cyclops Blink, which U.S. and UK cyberdefense agencies had publicly attributed in late February to "Sandworm," allegedly one of the Russian military intelligence service's hacking teams that has repeatedly been accused of carrying out cyberattacks.

Cyclops Blink was designed to hijack devices made by WatchGuard Technologies Inc and ASUSTeK Computer Inc, according to research by private cybersecurity firms. It provides Russian services with access to those compromised systems, offering the ability to remotely exfiltrate or delete data or turn the devices against a third party.

Watchguard issued a statement confirming it worked with the U.S. Justice Department to disrupt the botnet but did not disclose the number of devices affected - saying only that they represented "less than 1 percent of WatchGuard appliances."

AsusTek, better known as Asus, did not immediately return messages seeking comment.

FBI Director Chris Wray told reporters the FBI, with court approval, secretly reached into thousands of routers and firewall appliances to delete the malware and reconfigure the devices.

"We removed malware from devices used by thousands of mostly small businesses for network security all over the world," Wray said. "We shut the door the Russians had used to get into them."

cyber attack
Cyber security Pixabay

The affidavit noted that U.S. officials launched an awareness campaign "to inform owners of WatchGuard devices of the steps they should take to remediate infections or vulnerabilities" and yet less than half the devices had been fixed to expel the hackers.

The affidavit noted that the FBI had carried out its work in cooperation with WatchGuard.

The announcement came amid a flurry of new sanctions announced against Russian banks and elites, days after grim images emerged of the bodies of civilians shot at close range in the town of Bucha.

Russia says its "special military operation" is aimed at demilitarizing and "denazifying" Ukraine, and it has denied targeting civilians.

(With Reuters Inputs)

READ MORE