Teacher
The US Department of Justice reported on the hacking of a botnet that included routers from the SOHO segment (small and home offices). According to the American side, the GRU military unit (the current name is the Main Directorate of the General Staff of the Armed Forces of the Russian Federation) number 26165 was behind its creation. In Western publications, it is also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit.
It is noted that the botnet participated in large-scale targeted phishing campaigns, and also helped the GRU collect user credentials related to objects of interest to the Russian government. In Washington, they claim that the GRU did not create a botnet from scratch. Instead, Moobot malware linked to one of the cybercrime groups was used. Its members installed Moobot on Ubiquiti EdgeOS routers, which used default administrator passwords. After that, GRU employees allegedly installed their own scripts and files that turned the botnet into a global platform for cyber espionage.
During the "Fading Coal" cyber operation, US security forces managed to remove malicious data and files from hacked routers, as well as neutralize access to them by GRU employees.
"The Department of Justice is stepping up efforts to crack down on the Russian government's cyber campaigns against the United States and our allies, including Ukraine," U.S. Attorney General Merrick Garland said in a statement. "In this particular case, the Russian special services asked criminal groups to help them attack SOHO routers, but we managed to cover up this shop. We will continue to dismantle the Russian government's malicious cyber tools that endanger the security of the United States and our allies."
• Source: https://www.justice.gov/opa/pr/just...thorized-disruption-botnet-controlled-russian
