Russian cybercriminals’ campaign hit by FBI, US says

Components including routers and firewall appliances were obtained by US authorities through their hacking of the same frameworks that pro-Kremlin operatives were using to communicate with the equipment.

An official document sheds light on the unorthodox mission’s intention to prevent Moscow-loyal computer experts from raising the infiltrated appliances as an online botnet army designed to create havoc on victim servers by activating waves of rogue traffic.

US Attorney General, Merrick Garland underlined how allies were “able to disrupt this botnet before it could be used.”

Named Cyclops Blink, the botnet that the FBI disturbed was controlled via malware, and is believed to be behind February’s “Sandworm” attack, US and UK cyber agencies say. Sandworm has been carrying out sustained levels of cyberattack on the behalf of Russian intelligence, Western authorities say.

Cyclops Blink was engineered to take over appliances created by Watchguard Technologies, according to private sector cyber firms. It gives Russian operations entry into compromised infrastructures, and allows for remote-based exfiltration or data deletion. It can also re-programme devices to work against another target entity.

Watchguard says it did work with the US DOJ to bring down the botnet, but did not reveal how many devices may have been impacted by its influence, saying only that the number represents “less than 1%” of the company’s appliances.

Speaking to reporters, the FBI Director, Chris Wray said:

“We removed malware from devices used by thousands of mostly small businesses for network security all over the world. We shut the door the Russians had used to get into them.”