The US Department of Justice announced the dismantling of a botnet controlled by Russian intelligence

The operation copied and removed malware from the botnet's command-and-control devices, disrupting the control that Russia's military intelligence directorate (GRU) exercised over thousands of infected devices around the world

FILE PHOTO: The seal of the United States Department of Justice is seen on the building exterior of the United States Attorney's Office of the Southern District of New York in Manhattan, New York City, U.S., August 17, 2020. REUTERS/Andrew Kelly/File Photo

The US Department of Justice announced Wednesday a court-authorized operation, carried out in March 2022, to disrupt a two-tier global botnet made up of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the US government previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. Although the operation did not involve access to the Sandworm malware on the thousands of victims' underlying devices around the world, called “bots,” disabling the C2 mechanism severed those bots from the control of Sandworm's C2 devices, according to a statement from the US Department of Justice.

“This court-authorized removal of malware deployed by the Russian GRU demonstrates the department's commitment to disrupting nation-state hacking using all the legal tools at our disposal,” said Assistant Attorney General Matthew G. Olsen of the National Security Division of the Department of Justice. “By working closely with WatchGuard and other government agencies in this country and the UK to analyze malware and develop detection and remediation tools, we are together showing the strength that public-private partnership brings to our country's cybersecurity,” he added.

A person uses a laptop, in a file photo. EFE/Sascha Steinbach

“Through close collaboration with WatchGuard and our law enforcement partners, we have identified, disrupted and exposed another example of Russian GRU hacking against innocent victims in the United States and around the world,” said U.S. Attorney Cindy K. Chung for the Western District of Pennsylvania, according to a statement issued by the Department of Justice. “Such activities are not only criminal, but they also threaten the national security of the United States and its allies. My office remains committed to working with our partners in the Department of Homeland Security, the FBI, foreign law enforcement agencies and the private sector to defend and maintain our nation's cybersecurity,” she added.

“This operation is an example of the FBI's commitment to combating cyber threats through our unique authorities, capabilities and coordination with our partners,” said Deputy Director Bryan Vorndran of the FBI's Cyber Division. “As the leading national law enforcement and intelligence agency, we will continue to pursue cyber actors who threaten the national security and public safety of the American people, our private sector partners, and our international partners.”

“The FBI is proud to work closely with our law enforcement and private sector partners to expose criminals who are hiding behind their computers and launching attacks that threaten the security, safety and trust of Americans in our digitally connected world,” said Special Agent in Charge Mike Nordwall of the FBI's Pittsburgh Field Office. “The FBI has an unwavering commitment to combat and disrupt Russia's efforts to gain a foothold within the networks of the United States and its allies,” he said.
