Last week, the Department of Justice took unprecedented action to prevent widespread cyberattacks. Here is what you need to know about the latest effort to thwart Russian aggression by acting on, and publicizing, intelligence before Moscow even acts.

Attorney General Merrick Garland announced that over the past few weeks, the United States has secretly removed malware from a series of infected private computer networks around the world in an effort to pre-empt Russian cyberattacks.

The FBI started investigating the malware, known as Cyclops Blink and tied to the notorious Russian hacker group Sandworm, in late February. Sandworm is suspected of being one of several active cyber arms of the Russian intelligence service, the G.R.U. Around the same time, the White House warned companies that Russia could attack critical US infrastructure, ranging from the electric grid to communications and the financial markets.

Cyclops Blink works by infecting firewall devices and enrolling them in a botnet: a large network of compromised computers worldwide that can launch large-scale Distributed Denial of Service (DDoS) attacks, send spam for phishing campaigns, and compromise sensitive information.

A botnet of this size could easily have been used for anything from surveillance to physically destructive attacks. Although the ultimate goals of Cyclops Blink remain unknown, the Justice Department did not wait to find out: court orders allowed the FBI to enter domestic corporate networks and remove the malware, sometimes without the company’s knowledge.

In a press release, the Department of Justice said that the FBI notified affected companies and owners of infected devices on February 23rd, and that foreign companies were notified through local law enforcement partners. “Fortunately, we were able to disrupt this botnet before it could be used,” Garland said in a statement.

Although most of the cyberattacks Russia has unleashed this year have targeted Ukraine, including infrastructure attacks on Viasat and Ukrtelecom, spillover effects have been felt in countries like Germany, which lost control of a large chunk of its wind turbine production network.