JAKARTA - The US Federal Bureau of Investigation (FBI) has wrested control of thousands of routers and firewall devices from Russian military hackers by hijacking the same infrastructure Moscow's spies use to communicate with them, US officials said on Wednesday, March 6.
An unsealed redacted affidavit describes the unusual operation as a precautionary measure to stop Russian hackers from mobilizing compromised devices into a "botnet" - a network of hacked computers that can bombard other servers with malicious traffic.
"Fortunately, we were able to disrupt this botnet before it could be used," said US Attorney General Merrick Garland, as quoted by Reuters.
The Russian Embassy in Washington, meanwhile, did not immediately return an email from Reuters seeking comment on Garland's remarks.
The targeted botnet was controlled via malware called Cyclops Blink, which US and UK cyber-defense agencies publicly linked in late February to "Sandworm." Sandworm is suspected of being one of the hacking teams of Russia's military intelligence service, which has been repeatedly accused of carrying out cyberattacks on the West.
Cyclops Blink is designed to hijack devices made by WatchGuard Technologies Inc and ASUSTeK Computer Inc, according to research by a private cybersecurity company. The malware gave Russian services access to the compromised systems. It also offers the ability to extract or wipe data remotely or turn the devices against third parties.
WatchGuard issued a statement confirming it was working with the US Department of Justice to disrupt the botnet but did not disclose the number of devices affected. It said only that they represent "less than 1 percent of WatchGuard equipment."
ASUSTeK, better known as Asus, did not immediately reply to a message from Reuters seeking comment on this matter.
FBI director Chris Wray told reporters that the FBI, with court approval, had secretly reached into thousands of routers and firewall devices to remove the malware and reconfigure the infected devices.
"We remove malware from devices used by thousands of mostly small businesses for network security around the world," said Wray. "We closed the door the Russians used to get in."
The affidavit notes that US officials launched an awareness campaign "to inform WatchGuard device owners of the steps they should take to recover from infections or vulnerabilities" but that less than half of the devices have been fixed to repel hackers. The affidavit also notes that the FBI carried out its work in close cooperation with WatchGuard.
The announcement comes amid a series of newly announced sanctions against Russian banks and elites. The new sanctions come days after terrifying images emerged of the bodies of civilians shot by Russian soldiers at close range in the city of Bucha.
Russia says its "special military operation" is aimed at the demilitarization and "denazification" of Ukraine, and has denied targeting civilians.