Ubiquiti routers have become a tool of espionage against the EU and the US

US authorities are calling for security measures to protect your privacy.

Federal agencies in the United States and other countries are urging users to pay attention to the risks of running Ubiquiti EdgeRouter devices. The statement follows the takedown of the MooBot botnet, which was made up of infected routers.

The MooBot botnet, according to the authorities, was used by the APT28 group to conduct secret cyber operations and distribute specialized malware. APT28 has been active since 2007.

APT28 used hacked EdgeRouter routers around the world to collect credentials, redirect traffic, and create phishing pages. The attacks, launched in 2022, affected multiple critical infrastructure sectors in a number of countries, including the Czech Republic, Italy, and the United States.

MooBot's methods include compromising routers that use weak passwords and installing OpenSSH-based Trojans on them. After gaining access, APT28 used bash scripts and ELF binaries to steal data and conduct phishing. The group also exploited the critical Microsoft Outlook vulnerability CVE-2023-23397 (CVSS rating: 9.8), which allows an attacker to obtain NTLM hashes and carry out attacks without any user interaction.

The APT28 arsenal was also found to include MASEPIE, a Python backdoor that executes commands on victims' computers, with infected Ubiquiti routers serving as its command-and-control (C2) infrastructure.

Agency recommendations for organizations include resetting routers to factory settings, updating firmware, changing passwords, and installing a firewall to restrict remote access.
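As an added illustration (not code from the article, the agencies or Ubiquiti), the following Python script audits an EdgeRouter config.boot-style file for two of the weaknesses the advisory names: the factory account still in place, and SSH reachable without a local firewall policy. The Vyatta-style brace format, the `ubnt` default account name and the `listen-address` SSH option are assumptions taken from EdgeOS documentation; both config fragments are constructed, and the password hash is a placeholder.

```python
import re

DEFAULT_USER = "ubnt"  # EdgeOS factory-default account name (assumption)
TOKEN = re.compile(r"\{|\}|[^{}\n]+")


def parse_config(text):
    """Parse the brace-delimited config into nested dicts ('key value' leaves)."""
    root, stack, pending = {}, [], None
    node = root

    def commit_leaf():
        nonlocal pending
        if pending:
            key, _, value = pending.partition(" ")
            node[key] = value.strip().strip('"')
            pending = None

    for tok in (t.strip() for t in TOKEN.findall(text)):
        if not tok:
            continue
        if tok == "{":                      # the pending token names a section
            stack.append(node)
            node = node.setdefault(pending, {})
            pending = None
        elif tok == "}":
            commit_leaf()
            node = stack.pop()
        else:
            commit_leaf()
            pending = tok
    commit_leaf()
    return root


def audit(cfg):
    """Return findings for the advisory's weak points; an empty list means hardened."""
    findings = []
    for key, user in cfg.get("system", {}).get("login", {}).items():
        if not key.startswith("user "):
            continue
        name = key.split()[1]
        password = user.get("authentication", {}).get("plaintext-password", "")
        if DEFAULT_USER in (name, password):
            findings.append(f"default credentials on account '{name}'")
    ssh = cfg.get("service", {}).get("ssh")
    if ssh is not None:
        guarded = [k for k, v in cfg.get("interfaces", {}).items()
                   if k.startswith("ethernet ") and "local" in v.get("firewall", {})]
        if not guarded:
            findings.append("ssh enabled but no interface applies a local firewall policy")
        if "listen-address" not in ssh:
            findings.append("ssh listens on every address, including the WAN side")
    return findings


# Constructed fragments: factory account with SSH reachable from anywhere,
# then the same device after the recommended hardening (placeholder hash).
WEAK = """service { ssh { port 22 } }
system { login { user ubnt { authentication { plaintext-password "ubnt" } } } }"""
HARDENED = """firewall { name WAN_LOCAL { default-action drop } }
interfaces { ethernet eth0 { firewall { local { name WAN_LOCAL } } } }
service { ssh { port 22
listen-address 192.168.1.1 } }
system { login { user netadmin { authentication { encrypted-password "$6$placeholder" } } } }"""
```

Running `audit(parse_config(WEAK))` reports three findings, while the hardened fragment reports none.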

Recall that in July 2023 the information security company SSD Secure Disclosure warned that a firmware vulnerability allowed arbitrary code execution on Ubiquiti EdgeRouter and AirCube devices. The flaw was fixed in the latest updates, but devices running an outdated firmware version remain susceptible to it.

In February 2024, the US authorities destroyed the MooBot botnet, which was used to conduct espionage and cyber attacks on American and international targets. The law enforcement operation was carried out in January and included the removal of malware from "more than a thousand" home and office routers.