An interesting development came to light recently: the FBI intervened on behalf of people who had not updated their WatchGuard firewalls and had been hacked by Russian threat actors. In a clandestine takedown operation cloaked by a federal warrant, FBI agents remotely accessed infected WatchGuard firewalls, hacked in, kicked out the intruders, and closed the vulnerability.
WatchGuard firewalls are used by some businesses to protect their networks. Although the vulnerability had been addressed in May of 2021, as recently as February of 2022 some people still hadn’t updated.
The botnet infecting the firewalls was dubbed “Cyclops Blink” and was controlled by the Kremlin, according to an advisory jointly issued by the UK’s National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI).
SpireTech VIP Support Managed IT Service provider clients receive regular firewall updates, and emergency firewall updates when needed. SpireTech’s preferred firewall vendor is Sophos.