In January 2024, the FBI conducted an authorised operation to dismantle a botnet consisting of hundreds of small office/home office (SOHO) routers. In a press release, the US Department of Justice (DoJ) said that this network, controlled by GRU Military Unit 26165, also known as APT28 or Fancy Bear, was used to facilitate various illicit activities, including spearphishing and credential theft targeting the USA and its allies.
The operation uncovered the GRU's use of Moobot malware, which independent cyber criminals had originally deployed by exploiting default passwords on Ubiquiti Edge OS routers. The GRU subsequently repurposed the infected routers for its own cyberespionage endeavours, using a range of tools and tactics to target governments, military, security, and corporate organisations worldwide.
In the court-approved 'Operation Dying Ember,' FBI agents remotely accessed compromised routers and used the Moobot malware to delete stolen and malicious data. They then removed the malware and prevented further remote access, halting potential reinfection by threat actors. Additionally, the operation adjusted firewall rules on the routers to block remote management access temporarily, preventing malicious interference. Importantly, standard router functionality remained intact, and user data was not harvested. These actions, approved by the court, severed the routers' connection to the Moobot botnet temporarily while allowing victims to regain control and mitigate the compromise.
'For the second time in two months, we've disrupted state-sponsored hackers from launching cyberattacks behind the cover of compromised US routers,' said Deputy Attorney General Lisa Monaco. The operation follows the dismantling of a botnet controlled by the Chinese state-linked hacker group Volt Typhoon.