On April 6th, the DOJ’s Office of Public Affairs released a statement about actions that were taken to “disrupt a two-tiered global botnet of thousands of infected network hardware devices”. The release specifies that the botnet was controlled by Russia’s Main Intelligence Directorate (GRU); previously it had been referred to simply as state-sponsored.
This comes after collaborative work between various government agencies in the US and UK and private partners, namely WatchGuard Technologies. When the risk of compromise was identified, WatchGuard was proactive in contacting partners immediately. They provided tools to check for indicators of compromise (IOC), along with steps to remediate a compromise or harden devices to prevent one, based on the scan results. System software updates were also provided to remove the potential vulnerability. The news that the botnet has been disrupted was welcome, but the exercise will also have helped many organizations adopt better security policies and implement best practices.
BIT has been a longtime WatchGuard partner, and after scans of our devices in the field, it was determined that there were no IOCs present on any devices under our control. All preventative steps were enacted to further secure and protect all devices under our management.