US authorities claim to have disrupted a botnet controlled by the Russian state. The disruption was the result of a court-authorized operation that took place in March. The botnet, called Cyclops Blink, was first discovered in February and traced back to the Sandworm team. Sandworm is a threat group believed to be part of the Russian GRU’s Main Centre for Special Technologies. The group has been linked to high-profile attacks in the past, such as the BlackEnergy campaign that targeted Ukrainian power plants in 2015. Sandworm is also believed to have been responsible for the notorious NotPetya campaign in 2017.
Cyclops Blink is modular malware designed to infect devices via malicious or fraudulent firmware updates. Security researchers believe it may be the successor of a similar botnet known as VPNFilter, based on its design and capabilities. WatchGuard and Asus devices are thought to have been targeted by the new botnet. Yesterday, US Attorney General Merrick Garland said that US authorities were able to copy and remove the malware from infected devices. Attorney General Garland stated that the operation was imperative to disrupt the botnet before it could be used by the Russian-linked hacking group. In a press conference, he confirmed that infections had been detected in thousands of network hardware devices.