By Sarah N. Lynch

WASHINGTON (Reuters) – The U.S. Federal Bureau of Investigation has wrested control of thousands of routers and firewall appliances away from Russian military hackers by hijacking the same infrastructure Moscow’s spies were using to communicate with the devices, U.S. officials said on Wednesday.

An unsealed redacted affidavit described the unusual operation as a pre-emptive move to stop Russian hackers from mobilizing the compromised devices into a “botnet” – a network of hacked computers that can bombard other servers with rogue traffic.

“Fortunately, we were able to disrupt this botnet before it could be used,” U.S. Attorney General Merrick Garland said.

The targeted botnet was controlled through malware called Cyclops Blink, which U.S. and UK cyberdefense agencies had publicly attributed in late February to “Sandworm,” allegedly one of the Russian military intelligence service’s hacking teams that has repeatedly been accused of carrying out cyberattacks.

Research by cybersecurity firms has shown that Cyclops Blink was developed to hijack devices manufactured by ASUSTeK Computer Inc (WatchGuard Technologies Inc) and WatchGuard Technologies Inc. Russian services have access to these compromised systems and can remotely delete, exfiltrate, or manipulate the data.

Chris Wray, FBI Director, told reporters that the FBI secretly accessed thousands of firewall and router appliances in order to remove the malware and reconfigure them.

Wray stated that malware was removed from thousands of devices, mainly small business-related to network security around the globe. We shut down the Russians’ access to them.

The affidavit noted that U.S. officials launched an awareness campaign “to inform owners of WatchGuard devices of the steps they should take to remediate infections or vulnerabilities” and yet less than half the devices had been fixed to expel the hackers.

In the affidavit, it was noted that WatchGuard had assisted in FBI’s work.

After grim photos of Bucha civilians being shot from close range, the announcement of this new sanction came amid the flurry against Russian banks.

Russia asserts that its “specially military operation” is intended to demilitarize and “denazify” Ukraine. However, it denies targeting civilians.