The U.S. Department of Justice has squashed a major “botnet” operation linked to Russia’s military and intelligence unit, Attorney General Merrick B. Garland announced on Wednesday.
Although the news was soon overshadowed by Garland’s positive COVID diagnosis, the cybersecurity offensive announced Wednesday was part of an update on various actions the U.S. Government is taking against Russia and its invasion of Ukraine.
Since early March, the DOJ and a coalition of other agencies including the FBI and Department of Homeland Security have been investigating and prosecuting various Russian criminals under a new unit dubbed the “KleptoCapture Task Force.”
Some recent actions the task force has undertaken include shutting down the illegal Hyrda marketplace that’s hosted on the dark web and seizing the $120 million Tango superyacht owned by Russian oligarch Viktor Vekselberg, who allegedly has close ties to Russian President Vladimir Putin.
“Our message to those who continue to enable the Russian regime through their criminal conduct is this: It does not matter how far you sail your yacht,” Garland said in a statement.
“It does not matter how well you conceal your assets. It does not matter how cleverly you write your malware or hide your online activity. The Justice Department will use every available tool to find you, disrupt your plots, and hold you accountable.”
Operation Sandworm botnet
The DOJ said the Russian-linked Sandworm hacker group was behind the botnet operation. The Sandworm group built a command-and-control system that distributed a kind of malware called Cyclops Blink to thousands of networking devices built by WatchGuard Technologies and ASUSTek Computer.
The KleptoCapture task force somehow infiltrated Sandworm’s command-and-control system and removed the underlying malware that allowed the group to control its fleet of infected networking devices. Although the task force was able to remove the malware at the heart of Sandworm’s hacking operation, it was unable to wipe out the virus from infected networking devices.
The DOJ did not say what information the Sandworm group was trying obtain from victims through its hacking, but presumably it involves government espionage and spying by the Russian intelligence agencies.
WatchGuard Technologies and ASUSTek Computer previously told their customers to install software patches to prevent hacking attempts involving the Cyclops Blink malware.
“Through close collaboration with WatchGuard and our law enforcement partners, we identified, disrupted and exposed yet another example of the Russian GRU’s hacking of innocent victims in the United States and around the world,” U.S. Attorney Cindy Chung said in a statement.
Never miss a story: Follow your favorite topics and authors to get a personalized email with the journalism that matters most to you.