Tweet
In March, the Federal Bureau of Investigation (FBI) took down a large-scale botnet belonging to a Russian state-sponsored threat actor known as Sandworm.
According to a TechCrunch report, Sandworm infected thousands of endpoints with Cyclops Blink malware, successor to the now-defunct VPNFilter. Cyclops Blink allows Sandworm to conduct cyber espionage, launch distributed denial of service (DDoS) attacks, brick compromised devices and disrupt networks.
After receiving the green light from courts in California and Pennsylvania, the FBI removed Cyclops Blink from its C2 servers, disconnecting thousands of compromised endpoints. The Justice Department said the raid was a success, but still advised device owners to review the initial advisory and further secure their devices.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Cyclops Blink had been active since February, the Department of Justice (DoJ) said, and while law enforcement had managed to secure some of the compromised devices, the majority were still infected and in use by the threat actors.
“The operation did not involve any FBI communications with bot devices,” the DoJ added.
Sandworm is a known threat actor working for the GRU, Russia’s military intelligence unit. It is also known as Voodoo Bear and Electrum, and was responsible for the DDoS attacks in Georgia in 2008, as well as for the power outage in Ukraine, back in 2015.
Read more
According to the nonpartisan membership organization Council on Foreign Affairs, Sandworm mostly targets industrial control systems, using a tool known as Black Energy. Besides cyber-espionage, the group is often engaged in DoS attacks, and is allegedly behind the 2017 NotPetya campaign.
The same year, it spear-phished political parties, and local government agencies in France, including those related to the president. And in 2020, the US National Security Agency (NSA) accused the group of targeting email services worldwide.
“The actors exploited victims using Exim software on their public-facing MTAs by sending a command in the “MAIL FROM” field of an SMTP (simple mail transfer protocol) message,” the NSA said at the time.
[ul]
[li]Protect against downtime and speed up your website with the best CDN providers around[/li][/ul]
Via TechCrunch
Continue reading…
According to a TechCrunch report, Sandworm infected thousands of endpoints with Cyclops Blink malware, successor to the now-defunct VPNFilter. Cyclops Blink allows Sandworm to conduct cyber espionage, launch distributed denial of service (DDoS) attacks, brick compromised devices and disrupt networks.
After receiving the green light from courts in California and Pennsylvania, the FBI removed Cyclops Blink from its C2 servers, disconnecting thousands of compromised endpoints. The Justice Department said the raid was a success, but still advised device owners to review the initial advisory and further secure their devices.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window p>
[HEADING=1]Russian threat actors[/HEADING]
[HEADING=1]Russian threat actors[/HEADING]
“The operation did not involve any FBI communications with bot devices,” the DoJ added.
Sandworm is a known threat actor working for the GRU, Russia’s military intelligence unit. It is also known as Voodoo Bear and Electrum, and was responsible for the DDoS attacks in Georgia in 2008, as well as for the power outage in Ukraine, back in 2015.
Read more
Russian cyberattacks were reportedly set to target Tokyo Olympics
Russian criminals accused of hacking this top email service
NotPetya attack - three years on, what have we learned?
Russian criminals accused of hacking this top email service
NotPetya attack - three years on, what have we learned?
The same year, it spear-phished political parties, and local government agencies in France, including those related to the president. And in 2020, the US National Security Agency (NSA) accused the group of targeting email services worldwide.
“The actors exploited victims using Exim software on their public-facing MTAs by sending a command in the “MAIL FROM” field of an SMTP (simple mail transfer protocol) message,” the NSA said at the time.
[ul]
[li]Protect against downtime and speed up your website with the best CDN providers around[/li][/ul]
Via TechCrunch
Continue reading…