FBI Crushes Russian Hack Attack on SOHO Routers

February 16, 2024

TLDR: The FBI announced that it disrupted a widespread campaign by Russia-aligned hackers that had compromised hundreds of small office/home office (SOHO) routers. The attack, attributed to the Russian intelligence agency GRU, used the routers to form a botnet. The FBI operation took down the network of routers used by the GRU to commit various cybercrimes, including spearphishing and credential harvesting campaigns. The attacks involved the installation of malware on Ubiquiti Edge OS routers, enabled by publicly known default administrator passwords.

The FBI revealed that it neutralized a campaign by Russia-aligned hackers that targeted and compromised hundreds of small office/home office (SOHO) routers. This announcement comes shortly after the agency disclosed a similar attack campaign by China-linked hackers. Both campaigns exploited SOHO routers and formed botnets to carry out various cybercrimes.

The attack campaign attributed to the Russian intelligence agency GRU was taken down by the FBI in January. The agency obtained court authorization to neutralize the network of routers used by the GRU for cyber espionage. The FBI stated that the routers were used to conceal and enable crimes such as spearphishing and credential harvesting campaigns against targets of intelligence interest to the Russian government.

The GRU-attributed attacks involved the installation of malware on Ubiquiti Edge OS routers. This was made possible by the use of publicly known default administrator passwords. The hackers then used the Moobot malware to repurpose the botnet as a global cyber espionage platform.

Small businesses are increasingly targeted by nation-state attackers, even though they often do not consider themselves potential targets. According to experts, threat actors see small businesses simply as IP addresses, which makes them vulnerable to attacks. The FBI’s recent operations against nation-state hacking campaigns highlight the importance of securing home office networks and devices.
