url = https://krebsonsecurity.com
krebs on security – in-depth security news and …
FBI officials said Wednesday they disrupted “Cyclops Blink,” a collection of compromised networking devices managed by hackers working with the Russian Federation’s Main Intelligence Directorate (GRU).
A statement from the U.S. Department of Justice (DOJ) says the GRU’s hackers built Cyclops Blink by exploiting previously undocumented security weaknesses in firewalls and routers made by both ASUS and WatchGuard Technologies. The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet.
The FBI and other agencies warned in March that the Cyclops Blink malware was built to replace a threat called “VPNFilter,” an earlier malware platform that targeted vulnerabilities in a number of consumer-grade wireless and wired routers. In May 2018, the FBI executed a similar strategy to dismantle VPNFilter, which had spread to more than a half-million consumer devices.
On April 1, ASUS released updates to fix the security vulnerability in a range of its Wi-Fi routers. Meanwhile, WatchGuard appears to have silently fixed its vulnerability in an update shipped almost a year ago, according to Dan Goodin at Ars Technica.
Actions Target Russian Govt. Botnet, Hydra Dark Market