Feds Take Out Massive Russian Botnet Disrupting Kremlin’s Most Dangerous Hackers
Key Points From the Article:
- The FBI recently took down a massive botnet controlled by Russian intelligence.
- Initially, the U.S. government had refrained from directly confronting the Russian intelligence.
- However, after the Ukraine invasion, the Government appears to send a message to Russia that it’s ready to take an offensive approach to mitigate their cyber attacks.
An FBI operation recently shut down a massive botnet that the Russian intelligence controls. The FBI found and removed a malware called Cyclops Blink from the botnets to disrupt Russia’s control over thousands of devices they have infected.
The botnet takeout is good news for America because it’s believed to have been used for several malicious activities, such as:
- Denial-of-Service activities
- Send or bounce messages around the internet
- Stealing important information
After a lengthy investigation, the FBI and Department of Homeland Security decided to take out the Russian botnet.
The two American security agencies tracked down the individuals responsible for operating the botnet and issued warrants for their arrest. More importantly, the government is working with service providers to disable all computers that are part of the botnet, but let’s start from the basis.
The Core of Botnet
Botnets are a network of hijacked devices on the internet, co-opted to execute cyber attacks and scams. The Russians have been using their botnet to attack facilities.
An attacker can turn any vulnerable computer into a botnet. The Russians identified vulnerabilities that most people don’t patch and used them to turn thousands of computers into a botnet. After turning your computer into a botnet, the attacker uses it to execute attacks like Denial-of-Servers (DoS) and send bounce messages around the internet.
The Russian botnet is like a quiet army that the Russian intelligence controls. When discussing vulnerabilities and devices, you should know what to patch. Otherwise, attackers can turn your computers into a botnet.
The FBI Taking Out The Russian Intelligence Botnet
Earlier, the U.S. government didn’t want to directly confront the Russian intelligence, as it would appear as a state confronting another state. However, after the Russian invasion of Ukraine, the FBI decided to take the Russian botnet down.
The takedown is a new and positive development in the cyber warfare that the world has experienced for the last few years. The FBI removed a malware called Cyclops Blink from the Russian botnet that an organization called Sandworm runs.
The Sandworm — The New Era of Cyberwar and Most Dangerous Russian Hacker
Sandworm is a notorious cyber attacker that has been linked to several high-profile incidents, including:
- NotPetya outbreak
- The attack on the Ukrainian power grid
- Blowing up Saudi Arabia’s petrochemical plant
- Attack on Viasat Satellite Network
The group, which is believed to be based in Russia, is thought to be responsible for a range of cyber-attacks across the globe.
While the full extent of their capabilities is not yet known, Sandworm is considered a highly sophisticated and dangerous threat. In recent years, the group has increasingly targeted critical infrastructure, raising fears that they could one day launch a devastating attack that could cause widespread disruption.
The U.S. government decided to keep track of Sandworm activities and work to neutralize their threat.
The Russian intelligence manages Sandworm — meaning the organization is not even state-supported, but state-sponsored. The organization has executed dangerous acts of war.
The shutdown sends a message to the Russians that they can’t continue with cyber attacks anymore and that the world has changed since they attacked Ukraine. The Russians should know that the USA is ready to take the offensive approach on the botnet networks that they have built for cyber attacks.
The Operation Mechanism of Botnet Attacks
After a botnet takes control of devices, it bypasses typical security filters that look for attacks from places like Eastern Europe and Russia. Instead, the security filters start registering data transmissions from a site in Nashville, Tennessee.
Since your security system is not designed to consider Nashville transmission as a threat, you’ll get multiple streams of traffic coming from multiple state-side devices that have been compromised.
Your firewall will get overwhelmed, and the attacker will start injecting codes into your system.
The Russian botnet achieved such an attack on the Saudi petrochemical plant. The hackers were trying to inject some code that would cause the industrial machinery and plant to malfunction and eventually lead to an explosion. Such botnet attacks can be very dangerous.
The Untold Story of Sandworm Trying to Deploy the Wiper Malware
One thing that the Russian tried with the botnet was to deploy a destructive wiper malware targeting Viasat’s satellite network over Ukraine and Europe.
A wiper is a type of malware designed to delete data on a target system irreversibly.
Unlike other types of malware, which may simply encrypt files or steal information, a wiper is intended to destroy the data on a system, making it unusable. The malware is designed to completely wipe out the operating system and all the data from a device.
Wipers are often used in targeted attacks against businesses or critical infrastructure, where the attackers seek to cause maximum disruption. The Russians successfully used the Wiper in the initial stage of the war.
The malware is usually spread via phishing or clicking on compromised links. Once the malware is installed on your PC, it’ll spread throughout the network and wipe out everything on PCs in your network to the point where they’re entirely useless.
Given the destructive nature of this type of malware, businesses and individuals should take measures to protect themselves against wipers and other types of malware. Cybersecurity solutions such as antivirus software and firewalls can help block known threats, while regular backups can ensure business continuity in the event of an attack.
Why The Russian Targeted Viasat Satellite Network
Viasat Network provides audio and video communication over Europe, particularly in Ukraine. The Ukrainian government uses it to communicate with all their cities and all their military bases, in addition to landlines.
The reason Russians attacked Viasat Satellite was to destroy the network by destroying the ground stations so that Ukraine remain blind and unable to communicate with each other, troops, and government officials.
Alvarez Technology Group Will Help Your Business Protect Itself From Cyber Warfare
There is an increasing concern about cyberwar techniques against commercial organizations. Businesses of all sizes should prepare for cyber attacks by foreign entities worldwide. Alvarez Technology Group consistently discusses cyber warfare to ensure you have a defense line to protect you against attacks.
Contact us today for layered security solutions that offer the best protection against cyber attacks.