US and Allies Kick Russian Hackers Off Home Routers, FBI Says

February 16, 2024

The US and its allies have disrupted access by a Russian state-sponsored hacking organization to “well over a thousand home and small business routers” used for criminal and intelligence purposes, FBI Director Christopher Wray said on Thursday.

Speaking at the Munich Security Conference, Wray said authorities managed to kick a hacking unit that is part of Russian intelligence, known as APT 28 or Fancy Bear, off the routers and “lock the door behind them.”

The Russian agency was “piggybacking” on a network of hacked internet-connected devices, known as a botnet, “to run cyber operations against countries around the world, including America and its allies in Europe.”

The court-authorized action sought to interdict spearphishing and similar credential-harvesting campaigns against targets of interest to Russian intelligence. That includes US and foreign governments and military, security and corporate organizations, the Department of Justice said in a statement.

The operation differed from past campaigns by Russian state-sponsored hacking organizations in that it used malware associated with a criminal group, known as “Moobot,” as opposed to malware the hackers built themselves, the DOJ said.

“Cybercriminals installed the Moobot malware on Ubiquiti Edge OS routers that still used publicly known default administrator passwords,” according to the statement. The hackers then used the malware to install their own files and repurposed the botnet, “turning it into a global cyber espionage platform.”
