May 3, 2024 at 09:10AM Trend Micro reports that the APT28 cyberespionage group, linked to Russia, used a botnet of Ubiquiti routers for espionage. The FBI dismantled the botnet in January 2024, but Trend Micro found remnants and expanded botnet details. APT28 used infected devices for various illicit activities, including proxying stolen credentials and cryptocurrency … Read more
February 28, 2024 at 07:45AM The US government has urged organizations and consumers to clean up their Ubiquiti routers following the dismantling of a botnet utilized by a Russian cyberespionage group known as APT28. The group, also called Fancy Bear, had been using compromised routers for covert operations since 2022, targeting various organizations worldwide. The … Read more
February 28, 2024 at 01:21AM Cybersecurity agencies are warning Ubiquiti EdgeRouter users to take precautions against the MooBot botnet, tied to APT28 and used to conduct covert cyber operations globally. The advisory recommends resetting routers, updating firmware, changing default credentials, and implementing firewall rules. This highlights the increasing use of routers as launchpads for malicious … Read more
February 16, 2024 at 02:03AM The U.S. government disrupted a botnet using SOHO routers linked to APT28 for cyber-espionage against U.S. and foreign targets. The botnet, dubbed MooBot, allowed threat actors to harvest credentials and conceal their location. The operation, known as Dying Ember, involved deleting stolen data and modifying firewall rules to block access. … Read more