Destruction of the Moobot botnet: the US returns security to Ubiquiti routers

Intelligence operations of cybercriminals were interrupted by the US authorities.

The US authorities destroyed a botnet that was used to conduct espionage and cyber attacks on American and international targets. The law enforcement operation was carried out in January and included the removal of malware from "more than a thousand" home and office routers.

The cybercriminals' main tool was the Moobot botnet, which allowed remote control of infected devices. Cybercriminals initially infected Ubiquiti routers running EdgeOS by using default administrator passwords. The hackers then modified the botnet, adding their own scripts and files for conducting intelligence operations.

The botnet targeted government and military structures, as well as information security companies and large corporations. According to the prosecutor's office, the attackers also used OpenAI models to create phishing emails and malware.

During the operation to eliminate the botnet, specialists managed to remove malicious files from infected routers and change the firewall settings to prevent further infections. All actions were performed with the consent of the device owners.

Recently, it became known that the Chinese spy group Volt Typhoon penetrated the emergency response network of a major American city in order to spy on American telecommunications. It is worth noting that in early February, US federal agencies warned that Volt Typhoon had been present in some of the country's critical infrastructure networks for at least 5 years. The attackers targeted communications, energy, transportation, and water and sewer systems in the United States and Guam.
 