Malware removal
Justice Department Operation Destroys Cyclops Blink Botnet
The Department of Justice said it performed an operation to stop a botnet that was operated by the Russian state-sponsored hacking group Sandworm.
According to the department, it launched a court-authorized operation in March to remove the Cyplocs Blink malware that Sandworm uses for command and control. Officials were able to copy and remove bots from some victim devices out of thousands that were infected by the malware.
DOJ said the operation was effective in disrupting the centralized botnet, Nextgov reported Thursday.
The department worked with officials from the FBI, government agencies in the U.K. and firewall software company WatchGuard for the operation. Devices that use WatchGuard’s technology were reportedly targeted by the malware.
Even though the operation yielded positive results, WatchGuard warned that failure to practice mitigation strategies would leave devices vulnerable to Cyclops Blink.
Matthew Olsen, the assistant attorney general at the DOJ, said the organizations were able to work together to analyze the malware and develop detection and remediation tools. He also noted that the operation is a testament to the department’s commitment to stop state-based hacking through the use of legal tools.
Bryan Vorndran, assistant director of the FBI Cyber Division, said the operation is a sign of the bureau’s commitment to stopping cyber threats through its partnerships, authorities and capabilities.
Category: Federal Civilian