Russian Cyclops Blink botnet shot down by the USA

The FBI has removed the malware used to build the Cyclops Blink botnet, run by the Russian Sandworm group, from users' devices.

The United States Department of Justice announced that it had dismantled the Cyclops Blink botnet after obtaining authorization from a judge. The operators are part of the Sandworm group, one of the many units financed by the GRU, the intelligence service of the Russian armed forces. Among the most affected devices are WatchGuard firewalls and ASUS routers.

The FBI removes the malware from devices

The malware used by Sandworm to build the Cyclops Blink botnet (the successor of VPNFilter) was found mainly on WatchGuard and ASUS devices. The Russian attackers gained remote control (and therefore access to the network) through a firmware update. The compromised devices of unsuspecting users were divided into two groups: one made up of bots/clients and one of devices operating as command-and-control (C2) servers, connected to the Tor network managed by Sandworm.

After obtaining authorization from a judge on March 18, the FBI removed the malware from all C2 devices that did not have the latest firmware installed. The agency also closed the ports used for access, thus preventing remote management by Sandworm. This intervention, however, did not affect the bot devices, so their owners must follow the instructions from WatchGuard and ASUS to remove the malware.

Before starting the malware "cleanup", the FBI contacted the owners of the C2 devices. The script was used only to remove the malware; no information from the victims' networks was sought or collected.

Source: Department of Justice

COMMENT: as we read in the article, most users must eliminate the malware by following the instructions. But how many will do it? We need more effective tools to defend ourselves, such as the software we offer.
