WASHINGTON -- The US Justice Department said on Wednesday (May 23) that it had seized an internet domain that directed a dangerous botnet of a half-million infected home and office network routers, controlled by hackers believed to be tied to Russian intelligence.
The move was aimed at breaking up an operation deeply embedded in small and medium-sized computer networks that could allow the hackers to take control of computers as well as easily steal data.
The "VPNFilter" botnet targeted home and office routers, through which it could relay orders from the botnet's controllers and intercept and reroute traffic back to them, virtually undetected by the users of a network.
The Justice Department said the botnet was set up by a hacking group variously called APT28, Pawn Storm, Sandworm, Fancy Bear and the Sofacy Group.
The group is blamed for cyber attacks on numerous governments, key infrastructure industries like power grids, the Organization for Security and Co-operation in Europe, the World Anti-Doping Agency and other bodies.
US intelligence agencies also say it was involved in the operation to hack and release damaging information on the Democratic Party during the 2016 US presidential election and that it has engineered a number of computer network disruptions in Ukraine.
"According to cybersecurity researchers, the Sofacy Group is a cyber-espionage group believed to have originated from Russia," the Department of Justice said in a court filing.
The filing did not say who was behind the Sofacy Group, but US intelligence has in the past linked it to Russia's GRU military intelligence agency, and numerous private computer security groups have made the same connection.
In a report released in parallel to the Justice Department announcement, network equipment giant Cisco said VPNFilter had infected at least 500,000 devices in at least 54 countries.