CyberSecurityBoard
Sponsor Register Login

DoJ Breaks Russian Military Botnet in Fancy Bear Takedown

The Department of Justice has disrupted a botnet used by Russian military intelligence for widespread cyber espionage.
The network was made up of hundreds of individual small office/home office routers that the Russian Military Unit 26165 was able to use to launch cybercrimes, including spear-phishing, credential harvesting, and more, according to the DoJ. And unlike other custom-code networks typically used by Russian state-affiliated threat actors, this one was built on existing malware, called Moobot, linked to other known cybercriminal actors, the Justice Department said in its statement.
US law enforcement was able to use the Moobot malware to hack into compromised routers, copy and delete stolen data, remove malicious files, regain full device control, as well as block any remote access, according to the DoJ. The US government said affected Ubiquiti US Edge OS routers were disconnected from the Moobot networks and that any changes made to devices are temporary.
The DoJ urges users to complete a factory reset on affected routers and update the default administrator passwords.
Deputy Attorney General Lisa Monaco noted this is the second time in two months the DoJ has disrupted a state-sponsored botnet.
Jeff Hultquist, chief analyst with Mandiant Intelligence-Google Cloud, said that while this operation alone is unlikely to have a significant impact on Russian cyber-espionage operations, there is value in slowing their efforts with these disruptions.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 15 Feb 2024 20:50:21 +0000


Cyber News related to DoJ Breaks Russian Military Botnet in Fancy Bear Takedown

Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
10 months ago Go.theregister.com
Russian-Backed Hackers Target High-Value US, European Entities - Hackers linked to Russia's military intelligence unit exploited previously patched Microsoft vulnerabilities in a massive phishing campaign against U.S. and European organizations in such vectors as government, aerospace, and finance across North ...
1 year ago Securityboulevard.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
10 months ago Securityboulevard.com
DoJ Breaks Russian Military Botnet in Fancy Bear Takedown - The Department of Justice has disrupted a botnet used by Russian military intelligence for widespread cyber espionage. The network was made up of hundreds of individual small office/home office routers that the Russian Military Unit 26165 was able to ...
10 months ago Darkreading.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
10 months ago Bleepingcomputer.com
Fancy Bear goes phishing in US, European high-value networks The Register - Fancy Bear, the Kremlin's cyber-spy crew, has been exploiting two previously patched bugs for large-scale phishing campaigns against high-value targets - like government, defense, and aerospace agencies in the US and Europe - since March, according ...
1 year ago Go.theregister.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com
US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy - The US Department of Justice has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney ...
1 year ago Csoonline.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
1 year ago Bleepingcomputer.com
Russian admits building now-dismantled IPStorm proxy botnet The Register - The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in ...
1 year ago Theregister.com
DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks - U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data ...
1 year ago Securityboulevard.com
Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
1 year ago Bleepingcomputer.com
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
6 months ago Tripwire.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
6 months ago Packetstormsecurity.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
10 months ago Securityweek.com
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug - An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab ...
1 year ago Darkreading.com
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
1 year ago Darkreading.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com
Russian military hackers target Ukraine with new MASEPIE malware - Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored ...
11 months ago Bleepingcomputer.com
The SFPD's Intended Purchase of a Robot Dog Triggers Board of Supervisors' Oversight Obligations - The San Francisco Police Department wants to get a robot quadruped, popularly known as a robot dog. The city's Board of Supervisors has a regulatory duty to probe into this intended purchase, including potentially blocking it altogether. The SFPD ...
5 months ago Eff.org
How the Hive Takedown Impacts Ransomware Prevention - Ransomware experts are widely praising the takedown of the notorious "Hive" criminal infrastructure, but the potential impacts it may have on preventing ransomware ongoing and into the future remains a matter of debate. ...
1 year ago Therecord.media
Feds arrest Russians accused of tech smuggling operation The Register - Three Russian nationals were arrested in New York yesterday on charges of moving electronics components worth millions to sanctioned entities in Russia, pieces of which were later recovered on battlefields in Ukraine. Nikolay Goltsev, a ...
1 year ago Theregister.com
Who Is Behind Pro-Ukrainian Cyberattacks on Iran? - COMMENTARY. Ukrainian cyber forces have attacked Russian infrastructure and assets almost since the first day of the Russian invasion of Ukraine on Feb. 24, 2022. While its mainstay is denial-of-service attacks that have knocked out the Russian ...
11 months ago Darkreading.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)