The United States secretly fought a Russian botnet affecting the whole world

US authorities revealed on April 6 that they had tracked down and removed the botnet from certain infected computers, sometimes without the victims' knowledge. Named Cyclops Blink, it emerged in June 2019 and is attributed to the Sandworm group, behind which stands the GRU, Russia's military intelligence service. Many devices are believed to remain infected.

Cyclops Blink, heir to VPNFilter

Since the beginning of Russia’s invasion of Ukraine on February 24, the United States has constantly warned its critical companies against cyber risks. By revealing the existence of an operation against the Cyclops Blink botnet, the country makes this threat very concrete, as it did a few weeks before with an older cyberattack. The objective is also to warn Russia that the United States will not let it go.


Assistant Attorney General Matthew Olsen handles this part of the messaging in the authorities' approach to transparency: "Court-authorized, this removal of malware deployed by the Russian GRU demonstrates the department's commitment to disrupting nation-state hacking using every legal tool at our disposal."

Cyclops Blink attacked WatchGuard and Asus brand devices. It was spotted in February 2022 by the National Cyber Security Centre (NCSC) and the Cybersecurity and Infrastructure Security Agency (CISA), the ANSSI equivalents in the UK and the US, as well as by the NSA and the FBI.

The malware is described as an heir to VPNFilter, which was present in some 500,000 American routers in 2018. The US Department of Justice explains: "As with VPNFilter, Sandworm actors have deployed Cyclops Blink to network devices around the world in what appears to be an indiscriminate way; that is, the infection of a particular device by Sandworm actors appears to have been motivated by that device's vulnerability to malware, rather than a concerted effort to target that particular device or its owner for other reasons."

The FBI operated discreetly

A botnet is a network of zombie computers controlled by the attacker. It can remain dormant until the chosen moment. The US Department of Justice admits that it was unable to identify Cyclops Blink's target: the network could have been used for espionage or sabotage. That is not what matters most to Attorney General Merrick Garland, who said: "Fortunately, we were able to disrupt this botnet before it could be used."

This disruption was carried out in two steps. First, WatchGuard and Asus, having been alerted, published an advisory on February 23 to warn their customers and encourage them to clean their machines. According to the authorities, this publication had insufficient effect: the number of devices hosting the botnet fell by only 39%.

The Americans therefore decided to step things up. On March 18, two courts quietly authorized the FBI to remotely remove the malware from the networks of US-based companies, sometimes without notifying the victims in advance, the New York Times reports.

The authorities insist that Cyclops Blink is far from completely gone. The recommendations from WatchGuard and Asus remain valid, the Department of Justice asserts: "The department urges network defenders and device owners to review the February 23 advisory and statements from WatchGuard and ASUS." Encouraging companies to take charge of their own cybersecurity is the final main purpose of these official revelations.

The United States is on edge

This step is all the more important because Sandworm has already demonstrated its capacity to cause harm. The Kremlin-affiliated group is known for several major operations: against the Ukrainian power grid in 2015 and 2016, NotPetya in 2017, and others, including VPNFilter. In France, it is reportedly responsible for the hacking of En Marche mailboxes during the 2017 presidential election.

US intelligence agencies are watching the attacks on Ukraine with undisguised attention. Whether against VIASAT at the start of the invasion or, more recently, against the internet service provider Ukrtelecom, the Pentagon and the intelligence services fear that these Russian cyberattacks, currently concentrated on Ukraine, will eventually reach the United States.
