A RUSSIAN Armed Forces’ botnet hacked thousands of Americans as the Justice Department says victims are still not safe.
The Justice Department announced on Wednesday that a court-authorized operation which was conducted in March 2022 disrupted a “global botnet of thousands of infected network hardware devices.”
1
The devices were under the control of a threat known as Sandworm.
Previously, the US has attributed Sandworm to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU), according to a news release from the Department of Justice.
The operation worked to copy and remove malware from vulnerable devices Sandworm was using for command and control (C2) of the botnet – or robot network.
By disabling the C2 mechanism, the Justice Department says, it severed the bots from the control of the Sandworm.
“This court-authorized removal of malware deployed by the Russian GRU demonstrates the department’s commitment to disrupt nation-state hacking using all of the legal tools at our disposal,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division.
“By working closely with WatchGuard and other government agencies in this country and the United Kingdom to analyze the malware and to develop detection and remediation tools, we are together showing the strength that public-private partnership brings to our country’s cybersecurity.
“The department remains committed to confronting and disrupting nation-state hacking, in whatever form it takes.”
The operation was authorized by the court on March 18, following an advisory that was sent out in February regarding the Cyclops Blink malware.
Most read in Tech
This malware tends to target devices made by WatchGuard Technologies Inc. (WatchGuard) and ASUSTek Computer Inc. (ASUS).
Additional companies were also affected, including five in Western Pennsylvania and others around the US, according to the Post-Gazette.
Even prior to the February advisory, the FBI had identified additional victim bots in the US.
The GRU has long been involved with cyberattacks, including one on the 2018 Olympics in South Korea.
The report from the Justice Department comes as hacking group Anonymous claims to have leaked more than 900,000 Russian state network emails in a major attack.
The email addresses are associated with Russia’s largest media corporation, All-Russia State Television and Radio Broadcasting Company (VGTRK), which has been accused of spreading propaganda.
VGTRK has been accused of spreading false information about the Ukraine war by Ukrainian President Volodymyr Zelensky and several other media outlets.
The leaked emails have been shared with a journalist organization called the Distributed Denial of Secrets (DDoSecrets).
The emails have also been also made public.
We pay for your stories!
Do you have a story for The US Sun team?
