The Federal Bureau of Investigation has gained control of thousands of Internet routers and hardware firewalls previously hacked by Russian military hackers, using the same tools Moscow cybercriminals used to communicate with the devices, the U.S. Justice Department said.
The published statement described proactive measures to prevent Russian hackers from attempting to gather information from a “botnet” of compromised devices, a network of compromised computers through which hackers can attack other servers with streams of Internet traffic.
“Fortunately, we were able to prevent the formation of this botnet before it was exploited,” said U.S. Attorney General Merrick Garland.
The Russian embassy in Washington has not yet responded to a request for comment on the DOJ report.
The botnet assembled by the hackers was controlled by the Cyclops Blink virus program, which U.S. and British cybersecurity agencies attributed in late February to Sandworm, an alleged hacker group controlled by Russian military intelligence. The group has repeatedly been accused of other cyber attacks.
Cyclops Blink was designed to hack devices manufactured by WatchGuard Technologies Inc and ASUSTeK Computer Inc, according to private cybersecurity firms. The program allows Russian hackers to gain access to their hacked systems, giving them the ability to remotely remove or delete data and use the devices to attack other networks.
WatchGuard issued a statement confirming its cooperation with the Justice Department to prevent a botnet, but did not disclose the number of affected devices, noting that it was “less than 1% of all WatchGuard-produced devices.”
ASUSTeK, also known as Asus, has not yet responded to a request for comment.
FBI Director Chris Wray told reporters that the agency he heads has secretly accessed thousands of routers and hardware firewalls with court permission to remove the virus and reconfigure the devices.
“We removed the virus from devices used by thousands of mostly small companies to support network security around the world,” Wray said. “We have closed the door that the Russians used to infiltrate other networks.”
The published document notes that the U.S. government has launched an awareness campaign to make WatchGuard device owners aware of the steps they should take to prevent hacker attacks. It also reports that so far less than half of the devices previously seized by hackers have been controlled.