Companies were slow to remove Russian spies’ malware, so FBI did it for them

by Dan Goodin
from Ars Technica - All content on (#5XXC9)

The FBI remotely accessed and disinfected US-located devices running a powerful new strain of Russian state botnet malware, federal authorities said Wednesday. Those authorities added that the Kremlin was using the malware to wage stealthy hacks of its adversaries.

The infected devices were primarily made up of firewall appliances from WatchGuard and, to a lesser extent, network devices from Asus. Both manufacturers recently issued advisories providing recommendations for hardening or disinfecting devices infected by the botnet, known as Cyclops Blink. It is the latest botnet malware from Russia's Sandworm, which is among the world's most elite and destructive state-sponsored hacking outfits.

Regaining control

Cyclops Blink came to light in February in an advisory jointly issued by the UK's National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI). WatchGuard said at the time that the malware had infected about 1 percent of network devices it made.
