DoJ takes down Russian botnet that targeted WatchGuard and Asus routers

The US Justice Department in March carried out an operation that successfully removed malware known as “Cyclops Blink” from vulnerable internet-connected firewall devices, the department announced Wednesday. The operation disrupted the control the Russian Federation’s Main Intelligence Directorate (GRU) had over a global botnet of thousands of infected devices.

The Cyclops Blink Malware specifically targeted WatchGuard and Asus network devices. A threat actor known as Sandworm (which the US government previously attributed to the GRU) used the malware for command and control of the underlying botnet. By disabling the command and control mechanism, the Justice Department was able to sever Sandworm from the network of bots. 

However, WatchGuard and ASUS devices that acted as bots may remain vulnerable to Sandworm if device owners do not take the remediation steps advised by WatchGuard and ASUS, the Justice Department warned. 

Various DOJ agencies, as well as the US National Security Agency and the UK’s National Cyber Security Centre, first released an advisory on Feb. 23 identifying the Cyclops Blink malware. The advisory explained that the malware appeared to have emerged as early as June 2019, as the apparent successor to another Sandworm botnet the DOJ took down in 2018. 

The same day as the advisory,

Read More: