Having already built a formidable botnet, the malware spread by the Russian intelligence agency GRU was simply waiting for orders to launch attacks on critical IT infrastructure at government institutions and private companies in “unfriendly” countries.
According to the US Department of Justice, the malware created by the Sandworm group (an entity closely linked to the GRU and the Kremlin) was designed to penetrate firewalls and compromise as many private networks as possible by infecting vulnerable devices (especially routers). The compromised equipment was enrolled in a botnet called Cyclops Blink and left awaiting instructions. Using the distributed capacity of those private networks, Russia could have targeted virtually any system in the online space with DDoS attacks, or created even more chaos by directly disabling the compromised network equipment.
The list of top-priority targets certainly included financial institutions, infrastructure elements, and the electricity grid, including in the United States.
According to the FBI, the vast botnet discovered in February was neutralized before Russia could launch cyber attacks with it, the malware being quietly removed from network equipment around the world. According to the official press release, the FBI notified U.S. owners of the compromised devices before the Cyclops Blink threat was formally identified on February 23. At the same time, procedures for notifying companies abroad were initiated through the authorities in each country of origin.
At least in the United States, the FBI has taken legal action, including obtaining permission to remotely remove malware found in the computer infrastructure of US companies using its own means, thus gaining valuable time to stop Russian aggression. In other parts of the world, on the other hand, the operation was carried out by more conventional methods, counting on notifying IT managers and waiting for the necessary remedies to be applied manually.
In recent months, the Biden administration has been generously revealing information about Russia’s plans and attacks, with the intention of discouraging as many of them as possible and diminishing the options left to President Putin. With this revelation that the Sandworm group has infiltrated networks around the world to build a botnet, the US authorities have tacitly confirmed the existence of a real cyber war waged by Russia, one that could affect many other countries besides Ukraine.