U.S. Disrupted Kremlin's Cyclops Blink Botnet Before It Could Be Weaponized
AirTags are used to stalk and harass women, Google pulls data-harvesting apps from its store, VMware urges critical patches, top musicians' YouTube accounts hacked to show video of a swindler, more
In an unprecedented operation, Attorney General Merrick Garland announced that the U.S. had secretly removed Russian botnet malware from computer networks in the U.S. and worldwide in recent weeks before the botnet could be weaponized.
The operation disrupted a two-tiered global botnet of thousands of infected network hardware devices called Cyclops Blink under the control of a threat actor known to security researchers as Sandworm. The U.S. government has previously attributed Sandworm to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).
The FBI worked with security firm WatchGuard, whose firewalls had been infected with the malware, to analyze the malware and develop detection and remediation tools. Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide that served as bots, the operation closed the external management ports that the threat actor used to…