U.S. and British government agencies repelled a large-scale Russian cyber attack last month. Had authorities not intervened, thousands of companies and organizations worldwide could have fallen victim to malware called Cyclops Blink. Hacker group Sandworm was allegedly responsible for the attack. That is according to a press statement from the U.S. Department of Justice.

A day before the Russian invasion of Ukraine, the National Cyber Security Centre (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), FBI and NSA warned of Cyclops Blink. The malware, developed by Sandworm, a hacker group affiliated with the Russian military secret service GRU, could steal and delete data and add computers to a global botnet.
The malware specifically targeted devices from WatchGuard Technologies and ASUS. Both manufacturers sent warning messages to their customers, asking them to update their devices as soon as possible and plug the security hole. Thousands of business and residential customers responded.
In mid-March, U.S. security agencies noticed that a significant portion of the devices had not yet been patched, possibly because the owners did not have the technical knowledge to do so. The Department of Justice then went to court with a request to remove the malware from these devices without owner approval. The court granted permission. In doing so, the U.S. and British government agencies kept thousands worldwide from becoming victims.
FBI Director Chris Wray says it was necessary to secretly break into thousands of routers and firewall applications to remove Cyclops Blink. "We removed the malware from devices used by thousands of small businesses around the world to secure their networks. We closed the door before the Russians had a chance to get in," Wray told the U.S. news agency Reuters.
Despite the intervention of American and British security forces, the systems are still infected. However, the settings have been changed such that Russian hackers no longer have access. The Justice Department is urging everyone to still update the software on their devices. A WatchGuard Technologies spokesman told Reuters that "less than 1 percent" of all devices were infected with the hacker group's malware.
A fierce digital war has been raging between Russia and the neighboring country since even before the outbreak of war in Ukraine. Hackers from both camps and sympathizers are attacking Russian and Ukrainian government services, financial institutions and other targets. The Kremlin warned last week that the "cyber aggression" against the country must end. If not, there will be "serious consequences for the instigators and perpetrators."
Queeny Rajkowski (VVD) wants Russian hackers, like wealthy oligarchs, to be placed on a European sanctions list. According to her, they attack Dutch companies, educational institutions and government services almost daily, purely for the money. "They are ordinary criminals, but digital. We know where they are so we have to make sure to make the lives of those criminals as difficult as possible," the MP told RTL News on Thursday.
"The moment they can make use of their bank account that is in Europe, if they drive even one wheel of their fat Lamborghini into Europe, we still grab them by the neck. For that to happen, it is important that they get on Europe's sanctions list, that Putin's clique, including cyber criminals, gets on the sanctions list," Rajkowski said.
