FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies

February 15, 2024 at 02:45PM

The US government has neutralized a Russian cyber espionage platform by disrupting a botnet of hundreds of Ubiquiti EdgeOS routers controlled by the APT28 group. The routers were initially infected with ‘Moobot’ malware by cybercriminals and subsequently hijacked by the Russian group. The operation involved deleting stolen data and modifying the routers’ firewall rules to block remote management access.

From the meeting notes:
– The US government neutralized a router botnet used by the Russian cyberspy group known as APT28 or Fancy Bear, which is connected to the Russian GRU.
– Cybercriminals built the botnet using the ‘Moobot’ malware, and the Russian APT group later repurposed it for global cyber espionage.
– US law enforcement used a court order to copy and delete stolen and malicious data from compromised routers, and modified firewall rules to block remote management access by the GRU.
– The operation was extensively tested to avoid impacting normal router functionality or collecting legitimate user content information.
– This takedown follows a previous disruption of a botnet used by Chinese state-backed hackers.
