The US Removed Russian Malware Worldwide

The United States said it secretly removed malware from computers around the world in an attempt to head off a Russian cyberattack. The malware allowed Russia to create botnets, which are typically used in DDoS attacks to overwhelm websites or services. Read our blog post here on DDoS Attacks.

US Attorney General Merrick Garland made the thwarted attack public, saying, “It does not matter how well you conceal your assets. It does not matter how cleverly you write your malware or hide your online activity. The Justice Department will use every available tool to find you, disrupt your plots, and hold you accountable.”

A Russian-linked hacker group installed malware on networking devices built by WatchGuard Technologies and ASUSTek Computer. The companies were aware of the command-and-control system distributing the malware and advised their customers to patch and update the network devices. Instead of relying on customers to patch the routers and firewalls, the DOJ went to the source: it removed the underlying malware and reconfigured the devices that allowed the hacker group to control the botnet.

The FBI said it launched an awareness campaign to inform WatchGuard users to patch and update their systems, but fewer than half of the devices had been updated to the level necessary to keep hackers out.

The botnet could have been used for surveillance or to attack critical infrastructure. American officials said they were not interested in waiting to find out what Russia was planning to do with the fleet of infected network devices. Weeks ago, the federal government, citing intelligence, warned businesses to fortify their cybersecurity practices, apparently at the same time it was taking this botnet offline.

“Through close collaboration with WatchGuard and our law enforcement partners, we identified, disrupted and exposed yet another example of the Russian GRU’s hacking of innocent victims in the United States and around the world,” U.S. Attorney Cindy Chung said in a statement.


Posted by Charles Wright