
FBI thwarted global Russian cyberattack

FBI Director Christopher Wray addresses the audience during his formal installation ceremony at FBI Headquarters on September 28, 2017. (FBI/Released)
April 07, 2022

The Federal Bureau of Investigation (FBI) announced on Wednesday that it had disrupted Russian hackers by removing malware from devices “used by thousands of mostly small businesses” around the world.

During a press conference, FBI Director Christopher Wray called the effort a “Darknet takedown” that impacts Russian intelligence and the Russian government.  

“Today, we’re announcing a sophisticated, court-authorized operation disrupting a botnet of thousands of devices controlled by the Russian government—before it could do any harm. We removed malware from devices used by thousands of mostly small businesses for network security all over the world. And then we shut the door the Russians had used to get into them,” Wray said.

“Yesterday’s Darknet takedown struck a blow against Russian criminals and the ecosystem of cryptocurrency tumblers, money launderers, malware purveyors, and others supporting them,” he continued. “The botnet disruption we’re announcing today strikes a blow against Russian intelligence, the Russian government.”

According to Wray, the disrupted bot network was created by the Russian government’s military intelligence agency known as the GRU.

The specific GRU unit targeted by the FBI was referred to by researchers as Sandworm Team, which had “implanted a specific type of malware known as Cyclops Blink” on thousands of devices, including security appliances that are typically used in home offices and small to mid-sized businesses.

Wray said the bureau is continuing to investigate cyberattacks, but will not wait for investigations to be concluded before implementing a response.   

“We are going to act as soon as we can, with whatever partners are best situated to help, to protect the public,” Wray said.

“The Russian government has shown it has no qualms about conducting this kind of criminal activity, and they continue to pose an imminent threat,” he continued. “And this global botnet disruption, in conjunction with the other actions discussed today, reflect an aggressive effort by the FBI and our partners to go on offense against Russian cyber threats, wherever they appear.”

The Department of Justice also urged people to contact a local FBI Field Office if they believe a device has been compromised.

“The FBI prides itself on working closely with our law enforcement and private sector partners to expose criminals who hide behind their computer and launch attacks that threaten Americans’ safety, security and confidence in our digitally connected world,” Special Agent in Charge Mike Nordwall of the FBI’s Pittsburgh Field Office said in a statement. “The FBI has an unwavering commitment to combat and disrupt Russia’s efforts to gain a foothold inside U.S. and allied networks.”