Sign up now for FREE unlimited access to Reuters.com Register WASHINGTON, April 6 (Reuters) – The US Federal Bureau of Investigation has seized control of thousands of routers and firewalls from Russian military hackers, stealing the same infrastructure used by Moscow spies to communicate with . An unsealed affidavit described the unusual operation as a precautionary measure to stop Russian hackers from mobilizing compromised devices into a “botnet” – a network of hacked computers that can bomb other fraudulent servers. “Fortunately, we were able to shut down this botnet before it could be used,” said Attorney General Merrick Garland. Sign up now for FREE unlimited access to Reuters.com Register The Russian embassy in Washington did not immediately send an e-mail requesting comment. The targeted botnet was controlled by malicious software called Cyclops Blink, which US and UK cyber-defense services had publicly attributed to Sandworm in late February, one of the Russian military intelligence services that has been repeatedly accused of cyber attacks. Cyclops Blink was designed to steal devices manufactured by WatchGuard Technologies Inc. (WTCHG.UL) and ASUSTeK Computer Inc. (2357.TW), according to a survey by private cybersecurity companies. Provides Russian services with access to these compromised systems, allowing remote access or deletion of data or turning devices against third parties. Watchguard issued a statement confirming that it had worked with the US Department of Justice to disrupt the botnet, but did not disclose the number of devices affected – saying only that they accounted for “less than 1 percent of WatchGuard devices”. AsusTek, better known as Asus, did not immediately respond to requests for comment. FBI Director Chris Wray told reporters that the FBI, with the court’s approval, had sneaked into thousands of routers and firewall devices to remove malware and reset the devices. “We’ve removed malware from devices used by thousands, especially small businesses, for network security around the world,” Wray said. “We closed the door that the Russians had used to enter.” The affidavit states that US officials have launched an awareness campaign “to inform WatchGuard device owners of the steps they need to take to recover from infections or vulnerabilities” and yet less than half of the devices have been repaired to expel them. The affidavit noted that the FBI had carried out its work in collaboration with WatchGuard. The announcement came amid a series of new sanctions against Russian banks and elites, days after gloomy images of civilians being shot at near the city of Bukha. read more Russia says its “special military operation” is aimed at demilitarizing and “rewarding” Ukraine, and has denied that it targeted civilians. Sign up now for FREE unlimited access to Reuters.com Register Report by Sarah N. Lynch. Writes Raphael Satter. Satter and Christopher Bing also contributed to the report. Edited by David Gregorio Our role models: The Thomson Reuters Trust Principles.
