Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Botnet Security Technology

FBI Operation Aims To Take Down Massive Russian GRU Botnet (techcrunch.com) 12

The Federal Bureau of Investigation has disclosed it carried out an operation in March to mass-remove malware from thousands of compromised routers that formed a massive botnet controlled by Russian intelligence. From a report: The operation was authorized by courts in California and Pennsylvania, allowing the FBI to copy and remove the so-called Cyclops Blink malware from infected Asus and WatchGuard routers across the U.S., severing the devices from the servers that remotely control and send instructions to the wider botnet. The Justice Department announced the March operation on Wednesday, describing it as "successful," but warned that device owners should still take immediate action to prevent reinfection.

The Justice Department said that since the news first emerged about the rising threat of Cyclops Blink in February, thousands of compromised devices have been secured, but justified the court-ordered operation because the "majority" of infected devices were still compromised just weeks later in mid-March. Cyclops Blink is believed to be the successor to VPNFilter, a botnet largely neglected after it was exposed by security researchers in 2018 and later targeted by a U.S. government operation to disrupt its command and control servers. Both Cyclops Blink and VPNFilter are attributed to Sandworm, a group of hackers working for Russia's GRU, the country's military intelligence unit.

This discussion has been archived. No new comments can be posted.

FBI Operation Aims To Take Down Massive Russian GRU Botnet

Comments Filter:
  • FBI forgot the evil Chinese! /irony
  • by luvirini ( 753157 ) on Wednesday April 06, 2022 @12:52PM (#62422796)

    If the thing was found in February, why is the majority of devices still infected?

    Can the manufacturer not send into to all registered users of the devices with the known security bug?

    Can the ISPs not detect the problem and send letters to the users?

    and so on..

    I know most home routers are kind of questionable in design but should we not demand more in terms of response to know threats that are actually exploited on large scale?

    • If the thing was found in February, why is the majority of devices still infected?

      Can the manufacturer not send into to all registered users of the devices with the known security bug?

      Can the ISPs not detect the problem and send letters to the users?

      In my travels of late, most home users have an ISP-provided router. Aftermarket routers still exist to some extent, but well over half of the households I find myself in stick to the ISP-provided unit. Said routers don't typically let users upgrade their firmware and the vendors who have those sweet ISP contracts don't typically provide firmware updates to end users, even if they wanted to. Regardless of that reality, if the routers are infected, it's particularly difficult for users to be impacted. As long

    • 1. Lots of device manufacturers stop caring once they are paid for the device.
      2. Even if device manufacturers don't suck, lots of device users never bother to even look for software updates unless it's in your face via a notification, much less actually apply them regularly.

      This has been a problem for years, and will continue being a problem for years more, because Johnny P. Wallet isn't a network administrator, and doesn't give two fucks that his router has updated software on it, as long as it's still rou

  • What about the Minions?

  • In Soviet Russia, GRU eats you!

It's currently a problem of access to gigabits through punybaud. -- J. C. R. Licklider

Working...