U.S. says it secretly removed malware worldwide, preempting Russian cyberattacks.

By David E. Sanger and Kate Conger, The New York Times

The United States said on Wednesday that it had secretly removed malware from computer networks around the world in recent weeks, a step to preempt Russian cyberattacks and send a message to President Vladimir Putin of Russia.

The move, made public by Attorney General Merrick Garland, comes as U.S. officials warn that Russia could try to strike American critical infrastructure — including financial firms, pipelines and the electric grid — in response to the crushing sanctions that the United States has imposed on Moscow over the war in Ukraine.

The malware enabled the Russians to create “botnets” — networks of private computers that are infected with malicious software and controlled by the GRU, the intelligence arm of the Russian military. But it is unclear what the malware was intended to do, since it could be used for everything from surveillance to destructive attacks.

A U.S. official said Wednesday that the United States did not want to wait to find out. Armed with secret court orders in the United States and the help of governments around the world, the Justice Department and the FBI disconnected the networks from the GRU’s own controllers.

“Fortunately, we were able to disrupt this botnet before it could be used,” Garland said.

The court orders allowed the FBI to go into domestic corporate networks and remove the malware, sometimes without the company’s knowledge.

“They are engaged in a cyberwar there that is pretty intense, but it is targeted,” said Tom Burt, a Microsoft executive who oversees the company’s efforts to counter major cyberattacks and shut down an attack in Ukraine during the opening of the war.

Security experts suspect that Russia may be responsible for other cyberattacks that have occurred since the war began, including on Ukrainian communications services, although investigations into some of those attacks are ongoing.

In January, as diplomats from the United States prepared to meet with their Russian counterparts in an attempt to avoid military conflict in Ukraine, Russian hackers already were putting the finishing touches on a new piece of destructive malware.

The code was designed to delete data and render computer systems inoperable. In its wake, the malware left a note for victims, taunting them about losing information. Before U.S. and Russian representatives met for a final attempt at diplomacy, hackers had already begun using the malware to attack Ukrainian critical infrastructure, including government agencies responsible for food safety, finance and law enforcement.

Adam Meyers, the senior vice president for intelligence at CrowdStrike, who analyzed the malware used in the January attacks and linked the group to Russia, said the group intended to cause damage and aid Russian military objectives.

“It’s a relatively new group, clearly purpose-built with a disruptive capability in mind,” Meyers said. “The emergence of it is a progression of a continued demand from Russian forces for cyber operational support.”

Another attack occurred Feb. 24, the day that Russia invaded Ukraine, when hackers knocked Viasat offline. The attack flooded modems with malicious traffic and disrupted internet services for several thousand people in Ukraine and tens of thousands of other customers across Europe, Viasat said in a statement. The attack also spilled over into Germany, disrupting operations of wind turbines there.

Viasat said that the hack remained under investigation by law enforcement, U.S. and international government officials and Mandiant, a cybersecurity firm that it hired to look into the matter, and it did not attribute the attack to Russia or any other state-backed group.

But senior U.S. officials said all evidence suggested Russia was responsible, and security researchers at SentinelOne said the malware used in the Viasat attack was similar to code that has been linked to the GRU. The United States has not formally named Russia as the source of the attack but is expected to do so as soon as several allies join in the analysis.

Posted by LiterateHiker, Apr 6

Comments:
I just wish we knew whether Garland is going to go after the biggest malware threat in America - trump and his supporters sitting in both houses in WA DC and in states around the country.

Excellent

MORE good news! They'll deny it, of course, but... they'll know we're onto them!
