The US has claimed it has foiled a major cyberattack by Russian hackers before it could affect a large number of devices in the world. According to the Director of the Federal Bureau of Investigation, Christopher Wray, the FBI’s unique cyber capabilities were able to remove malware from devices used by thousands.
He said that the devices which were secured by the intelligence agency have been widely used by small businesses for network security all over the world. While addressing a press conference on Wednesday, he announced a series of new and recent enforcement actions to disrupt and prosecute criminal Russian activity.
“We’re announcing a sophisticated, court-authorized operation disrupting a botnet of thousands of devices controlled by the Russian government—before it could do any harm.”
“Yesterday’s Darknet takedown struck a blow against Russian criminals and the ecosystem of cryptocurrency tumblers, money launderers, malware purveyors, and others supporting them. The botnet disruption we’re announcing today strikes a blow against Russian intelligence, the Russian government,” he added.
FBI Director says Russians implanted malware known as Cyclops Blink
The FBI Director claimed that the bot network that the intelligence agency has disrupted was built by the GRU – the Russian government’s military intelligence agency. “And in particular, it was the unit within GRU known to security researchers as Sandworm Team,” he said.
According to Wray, the GRU team, Sandworm, had implanted a specific type of malware known as ‘Cyclops Blink’ on thousands of WatchGuard Technologies’ Firebox devices. Notably, WatchGuard Technologies is a global leader in network security, endpoint security, secure Wi-Fi, multi-factor authentication, and network intelligence. The Firebox devices in which Cyclops Blink was implanted are typically deployed in home office environments and in small to mid-size businesses.
“Sandworm strung them together to use their computing power in a way that would obfuscate who was really running the network and let them then launch malware or to orchestrate distributed denial of service attacks like the GRU has already used to attack Ukraine,” said the FBI director.
He noted that the GRU’s Sandworm team has a long history of outrageous, destructive attacks: the disruption of the Ukrainian electric grid in 2015, attacks against the Winter Olympics and the Paralympics in 2018, a series of disruptive attacks against the nation of Georgia in 2019, and, in 2017.
Ukraine accuses China of launching cyberattacks
Earlier last week, Ukraine’s intelligence agency claimed that China staged a huge cyberattack on Ukraine’s military and nuclear facilities on February 23, a day before Russian forces started a “special military operation” against Ukraine.
According to a report published by The Times on Friday, the Chinese government was involved in facilitating a massive cyberattack on Ukrainian government websites. Citing Ukraine’s security service, the SBU, the British daily reported the hacking of more than 600 websites belonging to the defence ministry in Kyiv and other institutions. The report categorically claimed that the hacking attempt was coordinated by the Chinese government.