The Department of Justice has disrupted a botnet used by Russian military intelligence for widespread cyber espionage.
The network was made up of hundreds of individual small office/home office (SOHO) routers that Russian Military Unit 26165 used to carry out cybercrimes, including spear-phishing, credential harvesting, and more, according to the DoJ. Unlike the custom-code networks typically used by Russian state-affiliated threat actors, this one was built on existing malware, called Moobot, which is linked to other known cybercriminal actors, the Justice Department said in its statement.
US law enforcement was able to use the Moobot malware to hack into compromised routers, copy and delete stolen data, remove malicious files, regain full device control, and block any remote access, according to the DoJ. The US government said affected Ubiquiti US Edge OS routers were disconnected from the Moobot networks and that any changes made to devices are temporary.
The DoJ urges users to complete a factory reset on affected routers and update the default administrator passwords.
Deputy Attorney General Lisa Monaco noted this is the second time in two months the DoJ has disrupted a state-sponsored botnet.
Jeff Hultquist, chief analyst with Mandiant Intelligence-Google Cloud, said that while this operation alone is unlikely to have a significant impact on Russian cyber-espionage operations, there is value in slowing their efforts with these disruptions.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 15 Feb 2024 20:50:21 +0000