February 27, 2024 at 12:27PM
Russian military hackers, tracked as APT28 and Fancy Bear, are using compromised Ubiquiti EdgeRouters to build botnets for cyber espionage. The group targets militaries, governments, and organizations worldwide, using the routers to steal credentials, host malicious tools, and serve phishing landing pages. The FBI advises performing a factory reset, upgrading firmware, changing credentials, and implementing firewall rules to mitigate this threat.
Based on the meeting notes, the key takeaways are:
– APT28, also known as Fancy Bear, a Russian hacking group, is using compromised Ubiquiti EdgeRouters to create extensive botnets for cyber espionage activities targeting militaries, governments, and other organizations worldwide.
– The routers are being used to steal credentials, collect NTLMv2 digests, and proxy malicious traffic. They are also hosting custom tools and phishing landing pages for covert cyber operations.
– The FBI and partner agencies recommend performing a hardware factory reset, upgrading to the latest firmware version, changing default usernames and passwords, and implementing strategic firewall rules to mitigate the malware infection and block APT28’s access to compromised routers.
– Reporting any suspicious or criminal activities related to these attacks to the local FBI field office or the FBI’s Internet Crime Complaint Center (IC3) is encouraged.
– A joint alert issued by U.S. and U.K. authorities in April 2018 warned about Russian state-backed attackers actively targeting and hacking home and enterprise routers, indicating a history of targeting Internet routing equipment for espionage campaigns and offensive operations.
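The FBI guidance above boils down to a few checkable configuration properties: the WAN-facing interface should carry a local firewall rule set whose default action is drop, management services (SSH, web GUI) should be bound to an internal address rather than every interface, and the factory default account should be gone. The script below is an added example, not part of the article or of any FBI tooling; it audits an exported EdgeOS configuration in the `set ...` form that `show configuration commands` produces, and it assumes the `service ssh listen-address` and `service gui listen-address` keys and the `ubnt` default account name. Both sample configurations are constructed for the demonstration.

```python
"""
Audit an EdgeOS-style configuration export for the router-hardening points
the advisory stresses. Config format and key names are assumptions based on
EdgeOS (Vyatta-derived) syntax; sample configs are constructed, not captured.
"""

# Constructed sample: WAN on eth0 with no local firewall, SSH and GUI listening
# on all addresses, and the factory 'ubnt' account still present.
WEAK_CONFIG = """
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth1 address '192.168.1.1/24'
set service ssh port '22'
set service gui https-port '443'
set system login user ubnt authentication encrypted-password '$6$placeholder'
"""

# Constructed sample: same router after applying the recommended hardening.
HARDENED_CONFIG = """
set firewall name WAN_LOCAL default-action 'drop'
set firewall name WAN_LOCAL rule 10 action 'accept'
set firewall name WAN_LOCAL rule 10 state established 'enable'
set firewall name WAN_LOCAL rule 10 state related 'enable'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth0 firewall local name 'WAN_LOCAL'
set interfaces ethernet eth1 address '192.168.1.1/24'
set service ssh listen-address '192.168.1.1'
set service ssh port '22'
set service gui listen-address '192.168.1.1'
set service gui https-port '443'
set system login user netadmin authentication encrypted-password '$6$placeholder'
"""


def parse(config: str) -> list[list[str]]:
    """Tokenise every 'set ...' line into its path components, quotes stripped."""
    cmds = []
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("set "):
            continue
        cmds.append([tok.strip("'") for tok in line.split()[1:]])
    return cmds


def audit(config: str, wan_ifaces=("eth0",)) -> list[str]:
    """Return a list of findings; an empty list means the checks all passed."""
    cmds = parse(config)
    findings = []

    # Collect the default-action of each named firewall rule set.
    default_action = {}
    for c in cmds:
        if c[:2] == ["firewall", "name"] and len(c) >= 5 and c[3] == "default-action":
            default_action[c[2]] = c[4]

    # Each WAN interface must have a 'local' firewall (traffic to the router
    # itself) whose default action is drop.
    for wan in wan_ifaces:
        bound = [
            c[6] for c in cmds
            if c[:3] == ["interfaces", "ethernet", wan]
            and c[3:6] == ["firewall", "local", "name"]
        ]
        if not bound:
            findings.append(f"{wan}: no local firewall; router services reachable from WAN")
        for name in bound:
            action = default_action.get(name, "unset")
            if action != "drop":
                findings.append(f"{wan}: firewall {name} default-action is {action}, expected drop")

    # Management services should be pinned to an internal listen-address.
    for svc in ("ssh", "gui"):
        present = any(c[:2] == ["service", svc] for c in cmds)
        pinned = any(c[:3] == ["service", svc, "listen-address"] for c in cmds)
        if present and not pinned:
            findings.append(f"service {svc}: no listen-address, listens on all interfaces")

    # The factory default account should have been replaced.
    if any(c[:4] == ["system", "login", "user", "ubnt"] for c in cmds):
        findings.append("default account 'ubnt' still configured")

    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for f in audit(cfg) or ["no findings"]:
            print("  -", f)
```

Run it against `show configuration commands` output saved from a router to get a quick pass/fail list; the firewall check only looks at the router's own `local` chain, so forwarding rules for LAN hosts are out of scope here.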
These takeaways highlight the urgent need to address the compromised routers and the ongoing threat posed by APT28’s activities. It is crucial for organizations to take proactive measures to secure their network infrastructure and report any related criminal activities to the relevant authorities.