The US says it has disrupted the “Cyclops Blink” botnet by hacking into some of the infected devices and removing the malware onboard.
The FBI did so by securing a court order that permitted federal agents to scrub the malware from command-and-control (C2) devices in the botnet, the Justice Department said on Wednesday.
The US blames Russia’s military intelligence agency, the GRU, for building the botnet as a way to spy on company networks. Back in February, federal officials warned that a new strain of Linux-based malware, called Cyclops Blink, had been found targeting vulnerable firewall appliances from network security provider WatchGuard; routers from PC maker Asus were later found to be infected as well.
Once it infects a device, Cyclops Blink lets the operator remotely upload and download files, including additional malicious payloads, and modify or disable the firewall or router itself. Because each infected device takes its instructions from a list of C2 servers, the infections collectively form a botnet: an army of compromised machines under remote control.
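One practical consequence of the C2-list design described above is that defenders can find infected appliances from the outside, by matching firewall egress logs against a watchlist of known C2 addresses. The following is an added example, not code from the article, the FBI or any vendor it mentions: the log format, the hostnames and the watchlist addresses (RFC 5737 TEST-NET ranges) are constructed for the demonstration, and a real deployment would load the watchlist from the published advisory indicators.

```python
"""Match firewall egress logs against a C2 address watchlist.

Added example; not code from the article or from any party it describes.
The record format, hostnames and watchlist addresses are constructed.
"""
import re
from datetime import datetime

# Constructed placeholder watchlist: TEST-NET addresses, not real indicators.
C2_WATCHLIST = frozenset({"203.0.113.10", "203.0.113.77", "198.51.100.5"})

# Hypothetical syslog-style firewall record format.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) fw: proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"action=(?P<action>\w+)$"
)

# Constructed sample records, including one malformed line to be skipped.
SAMPLE_LOGS = """
2022-04-06T09:00:01Z fw-edge1 fw: proto=tcp src=10.0.5.1:44812 dst=203.0.113.10:443 action=allow
2022-04-06T09:05:02Z fw-edge1 fw: proto=tcp src=10.0.5.1:44990 dst=203.0.113.77:443 action=allow
2022-04-06T09:05:40Z fw-edge1 fw: proto=tcp src=10.0.5.23:51000 dst=192.0.2.50:443 action=allow
2022-04-06T09:10:03Z fw-edge1 fw: proto=tcp src=10.0.5.1:45101 dst=198.51.100.5:443 action=allow
2022-04-06T09:11:00Z fw-edge1 fw: proto=udp src=10.0.5.9:5353 dst=224.0.0.251:5353 action=allow
2022-04-06T09:12:00Z fw-edge1 fw: proto=tcp src=10.0.5.42:50123 dst=203.0.113.10:443 action=deny
this line is garbage and should be skipped
"""


def parse_line(line):
    """Return the parsed fields of one record, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_c2_contacts(lines, watchlist=C2_WATCHLIST):
    """Group watchlist hits by internal source address.

    Denied connections are counted as attempts too: a device that keeps
    trying to reach a C2 address is infected whether or not the firewall
    let the flow through, so a deny rule hides the symptom, not the cause.
    """
    contacts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dst"] not in watchlist:
            continue
        c = contacts.setdefault(rec["src"], {
            "c2_ips": set(), "attempts": 0, "allowed": 0,
            "first_seen": rec["ts"], "last_seen": rec["ts"],
        })
        c["c2_ips"].add(rec["dst"])
        c["attempts"] += 1
        if rec["action"] == "allow":
            c["allowed"] += 1
        c["first_seen"] = min(c["first_seen"], rec["ts"])
        c["last_seen"] = max(c["last_seen"], rec["ts"])
    return contacts


def suspect_hosts(contacts, min_distinct=1):
    """Sources that reached at least min_distinct watchlisted addresses,
    ordered by number of distinct C2 contacts (most first), then address."""
    ranked = [(src, c) for src, c in contacts.items()
              if len(c["c2_ips"]) >= min_distinct]
    ranked.sort(key=lambda kv: (-len(kv[1]["c2_ips"]), kv[0]))
    return [src for src, _ in ranked]


if __name__ == "__main__":
    hits = find_c2_contacts(SAMPLE_LOGS.strip().splitlines())
    for src in suspect_hosts(hits):
        c = hits[src]
        print(f"{src}: {len(c['c2_ips'])} C2 addresses, "
              f"{c['attempts']} attempts ({c['allowed']} allowed), "
              f"{c['first_seen']:%H:%M:%S}-{c['last_seen']:%H:%M:%S}")
```

Ranking by distinct C2 addresses rather than raw hit count matters here: a single contact could be a scanner or a false positive from a recycled IP, whereas a device cycling through several entries of the malware's C2 list is behaving exactly as the article describes.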
Cyclops Blink spanned thousands of devices, including hundreds in the US. But on Wednesday, the Justice Department said FBI investigators had disabled the botnet’s C2 mechanism, neutralizing the threat.
In court documents, the FBI said it began analyzing the malware last year and noticed that it communicated with dozens of IP addresses belonging to the C2 devices that run the botnet. In January, the FBI identified one of those C2 devices in the US and obtained it with the owner’s consent.
This helped federal agents develop “a means of impersonating” the hacker’s control panel to send commands to the malware. The FBI then asked for a court warrant to send instructions to the rest of
Read more on pcmag.com