The massive Russian botnet belonging to the Sandstorm threat actor has been disconnected from its C2 servers. Sandstorm is known to be state-sponsored, and it was infecting target systems with the Cyclops Blink malware. This malware allows its operators, Sandstorm, to launch DDoS attacks, brick devices, and disrupt networks; it can be used for espionage as well.
Disconnecting the devices from C2
The FBI has stated that they did not connect to the compromised devices in their process
After obtaining approval for the action from California and Pennsylvania, the agency removed the Cyclops Blink malware from its C2 servers. This action resulted in thousands of compromised and infected devices disconnecting from their C2, leaving them unable to receive commands. The Justice Department advises device owners to check the advisory on Cyclops Blink malware for complete remediation guidance. Cyclops Blink is the successor of the VPNFilter malware.
The Russian state-backed threat actor Sandstorm is known for targeting industrial control systems with its tool, named Black Energy. The group works for the Russian military intelligence unit. It deploys DoS attacks and is believed to be behind the NotPetya campaign. The group has also shut down the Ukrainian power grid, attempted to blow up a Saudi Arabian petrochemical plant, and deployed wiper malware targeting the Viasat satellite network in Europe and Ukraine.