US and British government agencies repulsed a large-scale Russian cyber attack last month. If the authorities had not intervened, thousands of companies and organizations worldwide could have fallen victim to malware called Cyclops Blink. The hacker group Sandworm is said to be responsible for the attack.
The US Department of Justice says so in a press statement.
Sandworm is behind failed cyber attack
A day before the Russian invasion of Ukraine, the National Cyber Security Center (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), FBI and NSA warned of Cyclops Blink. The malware, developed by Sandworm, a hacker group affiliated with the Russian military intelligence service GRU, was able to steal and delete data and add computers to a global botnet.
The malware specifically targeted equipment from WatchGuard Technologies and ASUS. Both manufacturers sent warning messages to their customers, asking them to update their devices as soon as possible to close the vulnerability. Thousands of business and private customers responded.
‘We have closed the door to the Russians’
In mid-March, US security services noticed that a significant portion of the devices had not yet been patched, possibly because the owners did not have the technical knowledge to do so. The Justice Department then went to court with a request to remove the malware from these devices without the owners’ approval. The court gave permission for this. In this way, the American and British government services kept thousands of potential victims worldwide from being affected.
FBI Director Chris Wray says it was necessary to sneak into thousands of routers and firewall applications to remove Cyclops Blink. “We have removed the malware from devices used by thousands of small businesses around the world to secure their networks. We closed the door before the Russians had a chance to get in,” Wray told Reuters.
Despite the intervention of US and British security services, the systems are still infected. However, the settings have been adjusted in such a way that Russian hackers no longer have access. The Justice Department calls on everyone to update the software on their device. A WatchGuard Technologies spokesperson told Reuters that “less than 1 percent” of all devices were infected with the hacker group’s malware.
VVD wants Russian hackers on European sanctions list
Since even before the outbreak of the war in Ukraine, a fierce digital war has been raging between Russia and the neighboring country. Hackers from both camps and their sympathizers attack Russian and Ukrainian government services, financial institutions, and other targets. The Kremlin warned last week that “cyber aggression” against the country must end. If not, it will have “serious consequences for the instigators and perpetrators.”
Queeny Rajkowski (VVD) wants Russian hackers, just like rich oligarchs, to be placed on a European sanctions list. According to her, they attack Dutch companies, educational institutions, and government services almost every day, purely for money. “They are common criminals, but digital. We know where they are, so we have to make sure that the lives of those criminals are made as difficult as possible,” the Member of Parliament told media outlets on Thursday.
“The moment they can use their bank account that is in Europe, if they even drive one wheel into Europe with their fat Lamborghini, that we still grab them by the scruff of the neck. In order to be able to arrange this, it is important that they are placed on the sanctions list of Europe. Putin’s clique, including cybercriminals, will be put on the sanctions list,” Rajkowski said.