Feds dismantle Russia’s GRU botnet built on 1,000-plus home, small biz routers

February 15, 2024 at 04:19PM

The US government recently thwarted a botnet utilized by Russia’s GRU military intelligence unit for cyber espionage. Over a thousand compromised routers were neutralized, hindering the use of Moobot malware for data theft and network attacks. The FBI and Justice Department played pivotal roles in dismantling the cyber tools, aiming to safeguard US and allied security.

The US government recently disrupted a botnet that Russia's GRU military intelligence unit had been using for a range of malicious activities. The botnet, built on Moobot malware, was used for phishing campaigns, spying, credential harvesting, and data theft against American and foreign governments, as well as other strategic targets.

The takedown, which was court-authorized and involved the neutralization of over a thousand infected routers, took place in January. The Moobot malware, a Mirai variant, was used to compromise devices and launch attacks against networks.

It was revealed that non-GRU cybercriminals installed Moobot on Ubiquiti EdgeOS routers using publicly known default administrator passwords, after which the GRU spying team repurposed the botnet for global cyber espionage.

The Russian intelligence services had enlisted the help of criminal groups to target home and office routers, but the Justice Department disabled their scheme. The botnet was found to have targeted organizations of interest to the Russian government, including US and foreign governments, military, security, and corporate organizations. Separately, there were instances of Kremlin agents misusing OpenAI's models to generate phishing emails and malicious software scripts.

The takedown involved instructing the Moobot botnet to copy and delete malicious files, including the malware itself, and any stolen data on the compromised routers. It also modified the routers' firewall rules to block remote management access to the devices, preventing further hijacking.
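The two defensive lessons in this story are that the routers were taken over through default administrator credentials and that the remediation was to block remote management from the WAN. The following is an added example, not code from the article or from any of the agencies or vendors it mentions: a small audit script that parses an EdgeOS-style configuration in the `set ...` command form and flags management services (SSH, HTTP, HTTPS) that a WAN-side firewall rule set accepts from any source. The rule-set name `WAN_LOCAL`, the interface name, the port numbers and both configuration snippets are constructed for illustration.

```python
"""
Audit an EdgeOS-style router configuration (given as `set ...` command lines) for
management services reachable from the WAN side. Added example; the configuration
snippets below are constructed and do not come from a real device.
"""
from dataclasses import dataclass

# Services that should never be accepted from an untrusted WAN source (assumed ports).
MGMT_PORTS = {22: "ssh", 80: "http", 443: "https"}


@dataclass
class Finding:
    severity: str
    message: str


def parse_set_lines(text):
    """Split `set a b c ...` lines into token lists; everything else is ignored."""
    return [ln.strip()[4:].split() for ln in text.splitlines() if ln.strip().startswith("set ")]


def expand_ports(spec):
    """'22,443' -> {22, 443}; '8000-8002' -> {8000, 8001, 8002}. Non-numeric entries are skipped."""
    ports = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            if lo.isdigit() and hi.isdigit():
                ports.update(range(int(lo), int(hi) + 1))
        elif part.isdigit():
            ports.add(int(part))
    return ports


def audit_config(text):
    """Return a list of Findings describing exposed remote management."""
    cmds = parse_set_lines(text)
    findings = []

    # Which rule set filters traffic addressed to the router itself on an interface?
    # e.g. set interfaces ethernet eth0 firewall local name WAN_LOCAL
    local_set = None
    for c in cmds:
        if len(c) >= 7 and c[0] == "interfaces" and c[3:6] == ["firewall", "local", "name"]:
            local_set = c[6]
    if local_set is None:
        findings.append(Finding("HIGH", "no 'firewall local' rule set bound to an interface: "
                                        "management services are reachable from the WAN"))
        return findings

    default_action = None
    rules = {}  # rule number -> parsed attributes
    for c in cmds:
        if c[:3] != ["firewall", "name", local_set]:
            continue
        rest = c[3:]
        if rest[:1] == ["default-action"]:
            default_action = rest[1]
        elif rest[:1] == ["rule"] and len(rest) >= 4:
            r = rules.setdefault(int(rest[1]), {"states": set()})
            key = rest[2:]
            if key[0] == "action":
                r["action"] = key[1]
            elif key[:2] == ["destination", "port"]:
                r["dport"] = key[2]
            elif key[:2] == ["source", "address"]:
                r["src"] = key[2]
            elif key[0] == "state" and key[2] == "enable":
                r["states"].add(key[1])

    if default_action != "drop":
        findings.append(Finding("HIGH", f"{local_set} default-action is '{default_action}', not 'drop'"))

    for num, r in sorted(rules.items()):
        if r.get("action") != "accept" or "src" in r:
            continue  # drops and source-restricted accepts are fine
        if r["states"] and r["states"] <= {"established", "related"}:
            continue  # return traffic for router-initiated connections, not inbound logins
        if "dport" not in r:
            findings.append(Finding("HIGH", f"rule {num} accepts all traffic to the router from any source"))
            continue
        exposed = [MGMT_PORTS[p] for p in sorted(expand_ports(r["dport"]) & set(MGMT_PORTS))]
        if exposed:
            findings.append(Finding("HIGH", f"rule {num} accepts {','.join(exposed)} from any WAN source"))
    return findings


# Constructed sample: SSH and HTTPS on the router are accepted from anywhere on the WAN.
WEAK_CONFIG = """
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 destination port 22,443
set firewall name WAN_LOCAL rule 20 protocol tcp
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set service ssh port 22
set service gui https-port 443
"""

# Constructed sample: same services, but only from an assumed admin network (TEST-NET-2).
HARDENED_CONFIG = WEAK_CONFIG.replace(
    "set firewall name WAN_LOCAL rule 20 protocol tcp",
    "set firewall name WAN_LOCAL rule 20 protocol tcp\n"
    "set firewall name WAN_LOCAL rule 20 source address 198.51.100.0/24",
)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_config(cfg) or "no findings")
```

The check deliberately treats a `state established/related` accept rule as benign, since that is the usual first rule of a local rule set and does not admit new inbound logins; a rule with no destination port and no source restriction, or with a management port open to any source, is what the script reports.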

It's worth noting that the Feds claimed this is the second time in as many months that a state-sponsored botnet has been disrupted, the previous takedown being China's Volt Typhoon. Despite the disruptions, experts believe these threat actors will likely come up with new schemes, especially with upcoming elections. Specifically, the Fancy Bear group, believed to have been behind intrusions into the US Democratic Party's computers during the 2016 US presidential race, has continued its efforts to disrupt elections.