FBI specialists have established control over thousands of devices that were previously seized by cybercriminals, presumably acting under the direction of Russian military intelligence.
The Federal Bureau of Investigation has gained control of thousands of Internet routers and hardware firewalls previously hacked by Russian military hackers, using the same tools that were used by Moscow cybercriminals to communicate with devices, the U.S. Department of Justice said.
In a redacted statement published today, the unusual operation is described as a proactive measure to prevent Russian hackers from assembling a “botnet” from compromised devices – a network of hacked computers with which hackers can flood other servers with Internet traffic.
“Fortunately, we were able to prevent the formation of this botnet before it was used,” said U.S. Attorney General Merrick Garland.
The Russian Embassy in Washington has not yet responded to a request for comment on the report of the U.S. Department of Justice.
The botnet assembled by the hackers was controlled using the Cyclops Blink malware, which the American and British cyber defense agencies attributed at the end of February to “Sandworm”, presumably one of the hacker groups controlled by Russian military intelligence. This group has been repeatedly accused of committing other cyber-attacks.
Cyclops Blink was designed to hack devices manufactured by computer companies WatchGuard Technologies Inc and ASUSTeK Computer Inc, according to private cybersecurity companies. The program gives Russian hackers access to the systems they hacked, allowing them to remotely exfiltrate or delete data, as well as use the devices to attack other networks.
WatchGuard issued a statement confirming its cooperation with the Department of Justice to prevent the creation of a botnet, but did not disclose the number of devices affected by hackers, noting that this number is “less than 1% of all devices manufactured by WatchGuard.”
ASUSTeK, also known as Asus, has not yet responded to a request for comment.
FBI Director Chris Wray told reporters that his agency, with the permission of the court, secretly gained access to thousands of routers and hardware firewalls in order to remove the virus and change the configuration of devices.
“We have removed the virus from devices used by thousands of mostly small companies to support network security around the world,” Wray said. “We have closed the door that the Russians used to infiltrate [other networks].”
The document published today notes that the U.S. government has launched an information campaign to inform owners of WatchGuard devices about the steps they should take to prevent hacker attacks. It is also reported that so far control has been established over less than half of the devices previously captured by hackers.