According to the US Department of Justice (DoJ), a court-authorized FBI operation removed “Cyclops Blink”, malware attributed to Russia that had infected thousands of devices worldwide.
The DoJ continues to recommend reviewing the original February 23 advisory issued by the UK’s National Cyber Security Centre, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency for guidance on securing and remediating compromised devices.
The operation was carried out in March 2022 and disrupted a global two-tier botnet that controlled thousands of infected network hardware devices. The operation copied and then removed the malware from vulnerable internet-connected firewall devices that were being used for command and control (C2) of the underlying botnet. Although the operation did not directly access the thousands of underlying victim devices (the bots), disabling the C2 mechanism severed those bots from the control of the C2 devices.
Assistant Attorney General G. Olsen of the Justice Department’s National Security Division said:
“This court-authorized removal of malware deployed by the Russian GRU demonstrates the department’s commitment to disrupting nation-state hacking using every legal tool at our disposal.
By working closely with WatchGuard and other government agencies in this country and the UK to analyze malware and develop detection and remediation tools, together we are showing the power that public-private partnership brings to the cybersecurity of our country. The department remains committed to confronting and disrupting nation-state hacking, whatever form it takes.”
The Cyclops Blink malware targets network devices manufactured by WatchGuard Technologies Inc. (WatchGuard) and ASUSTek Computer Inc. (ASUS). Network devices of this kind are often located at the perimeter of a victim’s network, so compromising one can give an attacker the potential ability to conduct malicious activity against every computer on that network.
If you believe you have a compromised device, the DoJ advises you to contact your local FBI office for assistance.