When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

FBI secretly removes Russian malware that took over network devices across the globe

According to the US Department of Justice (DoJ), a court-authorized FBI operation removed "Cyclops Blink" which was a Russia-induced malware that affected thousands of devices over the world.

Malware stock photo

The DoJ still recommends reviewing the initial February 23 advisory released by the United Kingdom’s National Cyber Security Centre, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency to secure and protect compromised devices.

The operation was conducted in March 2022 and disrupted a two-tiered global botnet that was in control of thousands of infected network hardware devices. The operation copied and removed malware from vulnerable internet-connected firewall devices that were being used for command and control (C2) of the underlying botnet. Although no direct connection was made, the disabling of the C2 mechanism severed the bots from the devices' control.

Assistant Attorney General G. Olsen of the Justice Department’s National Security Division said:

“This court-authorized removal of malware deployed by the Russian GRU demonstrates the department’s commitment to disrupt nation-state hacking using all of the legal tools at our disposal.

By working closely with WatchGuard and other government agencies in this country and the United Kingdom to analyze the malware and develop detection and remediation tools, we are together showing the strength that public-private partnership brings to our country’s cybersecurity. The department remains committed to confronting and disrupting nation-state hacking, in whatever form it takes.”

The Cyclops Blink malware targets network devices manufactured by WatchGuard Technologies Inc. (WatchGuard) and ASUSTek Computer Inc. (ASUS). The network devices are often located on the perimeter of a victim's computer network, thereby providing the potential ability to conduct malicious activities against all computers within those networks.

If you believe you have a compromised device, the DoJ advises you to contact your local FBI Field Office for assistance.

Report a problem with article
Stock image of Bitcoin and US Dollars
Next Article

Learn Basics of Cryptocurrency for Free with this 4-Week Course

The Windows 11 logo with the stock wallpaper on the background
Previous Article

Microsoft proudly explains how the internal rollout of Windows 11 was its smoothest ever

Join the conversation!

Login or Sign Up to read and post a comment.

2 Comments - Add comment