The FBI silently removed Russian malware to thwart global cyberattacks

Attorney General Merrick B. Garland has revealed that the United States secretly removed malware from computer networks around the world over the past few weeks to pre-empt Russian cyberattacks. As The New York Times reports, Garland’s announcement comes shortly after the White House warned companies that Russia could attack critical infrastructure in the country, such as financial institutions and the electric grid. Apparently, the malware the US removed enabled the intelligence arm of the Russian military called the GRU to create botnets out of the infected computer networks. 

According to the Justice Department, the malware was designed to infect firewalls and made the compromised networks part of a botnet called Cyclops Blink. It’s controlled by Sandworm, a notorious group that the US government had previously connected to the GRU. Cyclops Blink is Sandworm’s latest known botnet, and it only came to light back in February. It’s still unclear what Russia was planning to do with the hijacked computers, but botnets are typically used to perform large-scale Distributed Denial of Service (DDoS) attacks, as well as to send spam and to compromise sensitive information. 

In its press release, the DOJ said the FBI notified owners of infected devices in the US before Cyclops Blink was identified on February 23rd. It also notified companies outside the country through local law enforcement partners. However, US authorities didn’t want to wait to find out what the botnet would be used for.

The Justice Department and the FBI obtained secret court orders in the US and secured the help of governments worldwide to quietly remove the malware from infected devices. Those court orders even gave them the power to remotely remove the malware from American companies’ networks without their knowledge. After the feds disinfected the compromised machines, they also closed the external management ports Sandworm was using for access.

Over the past months, the Biden administration has been exposing as much intelligence on Russia as possible without giving away its actions to catch Putin off guard. This disclosure is just its latest effort to send a message to the Russian president. The fact that Sandworm infiltrated networks around the world to create a botnet just shows, however, that there’s cyber warfare going on that might end up affecting countries other than Ukraine. If you’ll recall, a major cyberattack took down Ukraine’s government websites before the Russian invasion of the country began. Ukraine’s government, as well as US and UK authorities, blamed the attacks on the GRU.

Hackers are corrupting the save files of ‘Elden Ring’ players on PC

If you’re playing through Elden Ring on PC, you may want to disable the game’s online functionality for the time being. According to a Reddit report spotted by Eurogamer, some malicious individuals have found a hack that can send PC players into an endless death loop.

You can see the exploit in action in a video posted by Elden Ring Update on Twitter. A hacker will invade your game and use a specific ability that forces Elden Ring to crash. When you reload your save, your character will repeatedly fall to their death. Elden Ring is a big game, and some players have reported losing as much as 100 hours of gameplay in this way.

If all of this sounds familiar, it’s because FromSoftware was recently forced to disable Dark Souls 3’s multiplayer features after a hacker identified a vulnerability within the game that allowed them to execute code remotely. The studio has been working to address the issue since February.

FromSoftware and Bandai Namco have yet to comment on the exploit. We’ll update this article when they say something on the matter. In the meantime, your best bet is to play offline. Failing that, you’ll want to regularly back up your save in case someone uses the exploit on one of your characters. In the worst-case scenario, it’s possible to salvage a save, but the process isn’t easy. You need to press Alt+F4 before your character dies, and then quickly fast travel to a Site of Grace when you reload the game.

‘Gran Turismo 7’ has been down for over a day (updated)

Gran Turismo 7’s dependence on an internet connection is coming back to haunt the developers. Eurogamer notes players are review bombing the PlayStation racing sim on Metacritic after Polyphony Digital and Sony extended maintenance beyond 24 hours to deal with the faulty 1.07 patch. As you need online access to play the core GT mode, some gamers are furious — the average Metacritic user review score sat at 3.6 as of this writing.

This isn’t the only gripe. Some players are less than thrilled with the presence of microtransactions in Gran Turismo 7, and have accused the creators of making it harder to obtain new cars and upgrades without spending real money. Other players have asked for full refunds.

It’s not clear when GT7 will go back online. Polyphony said only that it would provide a completion time “as soon as possible.” We’ve asked Sony for comment. It’s safe to presume the producers will want to restore service quickly, though. While the review bombing will only do limited damage to a well-known game that has already been available for weeks, it won’t look good if one of the PlayStation 5’s marquee games isn’t even playable during the weekend.

Update 3/18 12:33PM ET: Gran Turismo 7 is back online after the company released a 1.08 update. Polyphony’s Kazunori Yamauchi explained that a bug in 1.07 prevented the game from starting properly for some PS4 and PS5 users, and that the extended maintenance helped protect users’ save data.