The United States announced last Wednesday that it had secretly removed Russian malware from thousands of network devices belonging to small and medium-sized businesses around the world. The news was announced by both Federal Bureau of Investigation (FBI) Director Christopher Wray and Attorney General Merrick Garland. It is another front in Russia's warfare, fought not just in Ukraine but in the digital realm anywhere in the world.

FBI Director Christopher Wray announced the move, saying the bureau had conducted a sophisticated, court-authorized operation disrupting a “botnet” created by the Russian government’s military intelligence agency, the GRU, specifically the GRU’s Sandworm Team. The botnet had allegedly infiltrated thousands of devices in several parts of the world.

“Today, we’re announcing a sophisticated, court-authorized operation disrupting a botnet of thousands of devices controlled by the Russian government—before it could do any harm. We removed malware from devices used by thousands of mostly small businesses for network security all over the world. And then we shut the door the Russians had used to get into them,” he stated.

Director Christopher Wray addresses the audience during his formal installation ceremony at FBI Headquarters on September 28, 2017 (Federal Bureau of Investigation (FBI), Public domain, via Wikimedia Commons). Source: https://commons.wikimedia.org/wiki/File:Director_Wray_Installation_Ceremony_(24123110718).jpg

In a separate news conference, Attorney General Merrick Garland described the same operation.

“Fortunately, we were able to disrupt this botnet before it could be used. Thanks to our close work with international partners, we were able to detect the infection of thousands of network hardware devices. We were then able to disable the GRU’s control over those devices before the botnet could be weaponized.”

Attorney General Merrick Garland delivered remarks to DOJ employees highlighting his goals and priorities (The United States Department of Justice, Public domain, via Wikimedia Commons). Source: https://commons.wikimedia.org/wiki/File:Attorney_General_Merrick_Garland_delivers_remarks_to_DOJ_employees.jpg

According to Wray, the malware, known as “Cyclops Blink,” had been implanted on several thousand WatchGuard Technologies Firebox devices and ASUSTek Computer Inc. (ASUS) devices. He explained that Fireboxes are essentially firewalls, typically used by small to medium-sized businesses to protect their computer systems and servers, and that they are also common in home offices. Removing the implant from a device does not by itself replace the vendors' remediation steps: owners of affected Firebox and ASUS devices were still expected to follow WatchGuard's and ASUS's published detection and clean-up guidance and to keep device management interfaces off the public internet.

Sandworm could then direct the infected devices collectively, for instance to launch a series of orchestrated denial-of-service attacks. These distributed denial-of-service (DDoS) attacks are an attempt to disrupt a network's normal traffic by overwhelming a system with internet traffic. In simple terms, it is like a traffic jam that prevents drivers from reaching their destination: the legitimate users are stuck in traffic and cannot get anything done.

The botnet, made up of individual bots, sends huge numbers of requests to the target's IP address, leaving it overwhelmed so that the legitimate users cannot reach the server or device. A DDoS differs from a plain denial-of-service (DoS) attack in that a DDoS uses many sources simultaneously, while a DoS attack comes from a single source. A single source can be identified and blocked; with thousands of sources, each sending a modest share of the traffic, there is no one address to block, which is why a DDoS is far harder to pinpoint and stop.
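The single-source versus many-source distinction above is exactly what a defender looks at first when a flood hits. The following is an added example (not code from the article, the FBI, or any of the vendors mentioned) that parses web-server access-log lines, groups requests into one-second windows, and labels a window over a request-rate threshold as a single-source DoS when one address carries nearly all the traffic, or as a DDoS when the same volume is spread across many addresses. The log lines, the threshold values, and the IP addresses (all from the RFC 5737 documentation ranges) are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Common/combined log format: "<ip> - - [<timestamp>] "<request>" <status> <bytes>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return (timestamp_string, source_ip) for a well-formed line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("ip")


def classify(events, rate_threshold=100, single_source_share=0.9):
    """Bucket (timestamp, ip) events per second and label each window.

    Over the rate threshold with one address responsible for most of the
    requests -> "dos" (block that address). Over the threshold with the
    traffic spread across many addresses -> "ddos" (per-IP blocking will
    not help; rate limiting or upstream scrubbing is needed). Otherwise
    "normal". Thresholds are illustrative assumptions, not tuned values.
    """
    per_window = defaultdict(Counter)
    for ts, ip in events:
        per_window[ts][ip] += 1

    report = {}
    for ts, sources in sorted(per_window.items()):
        total = sum(sources.values())
        top_ip, top_n = sources.most_common(1)[0]
        share = top_n / total
        if total < rate_threshold:
            verdict = "normal"
        elif share >= single_source_share:
            verdict = "dos"
        else:
            verdict = "ddos"
        report[ts] = {
            "requests": total,
            "distinct_sources": len(sources),
            "top_source": top_ip,
            "top_share": round(share, 3),
            "verdict": verdict,
        }
    return report


def build_sample_log():
    """Constructed traffic for three consecutive seconds (not real captures)."""
    def line(ip, sec):
        return f'{ip} - - [06/Apr/2022:10:00:0{sec} +0000] "GET / HTTP/1.1" 200 512'

    lines = []
    # second 0: ordinary traffic, five different clients
    lines += [line(f"203.0.113.{i}", 0) for i in range(1, 6)]
    # second 1: one host hammers the server (single-source DoS)
    lines += [line("203.0.113.5", 1) for _ in range(200)]
    # second 2: two hundred bots, one request each (distributed flood)
    lines += [line(f"198.51.100.{i}", 2) for i in range(1, 101)]
    lines += [line(f"192.0.2.{i}", 2) for i in range(1, 101)]
    # a malformed line the parser must skip rather than crash on
    lines.append("garbage that is not a log line")
    return lines


def analyze_log(lines, **kwargs):
    """Parse raw log lines (dropping malformed ones) and classify each window."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return classify(events, **kwargs)


if __name__ == "__main__":
    for ts, info in analyze_log(build_sample_log()).items():
        print(ts, info)
```

Run against the constructed log, the first window is reported as normal, the second as a single-source DoS from 203.0.113.5 (so a firewall rule against that one address would end it), and the third as a DDoS in which no address accounts for more than half a percent of the requests, the situation the text describes as hard to pinpoint.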