US and British government agencies repulsed a large-scale Russian cyber attack last month. If the authorities had not intervened, thousands of companies and organizations worldwide could have fallen victim to malware called Cyclops Blink. The hacker group Sandworm is said to be responsible for the attack.
The US Department of Justice says so in a press statement.
Sandworm is behind failed cyber attack
A day before the Russian invasion of Ukraine, the National Cyber Security Center (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), FBI and NSA warned of Cyclops Blink. The malware, developed by Sandworm, a hacker group affiliated with the Russian military secret service GRU, was able to steal and delete data and add computers to a global botnet.
The malware specifically targeted equipment from WatchGuard Technologies and ASUS. Both manufacturers sent warning messages to their customers, asking them to update their devices as soon as possible to close the vulnerability. Thousands of business and private customers responded.
‘We have closed the door to the Russians’
In mid-March, US security services noticed that a significant portion of the devices had not yet been patched, possibly because the owners did not have the technical knowledge to do so. The Justice Department then went to court with a request to remove the malware from these devices without the owners’ approval. The court gave permission for this. In this way, the American and British government agencies kept thousands of potential victims worldwide from being hit.
FBI Director Chris Wray says it was necessary to sneak into thousands of routers and firewall applications to remove Cyclops