U.S. Authorities Dismantle Botnet Allegedly Linked to Russian Intelligence
The U.S. government has announced the successful dismantling of a botnet accused of being used for phishing attacks, surveillance, data collection, and information theft. The charge holds that the network of hacked devices was set up by Russian Intelligence structures, as reported by The Register.
Details of the Botnet Operation
The botnet that comprised “over thousand” of routers, widely utilized in home networks and small businesses, was liquidated in January. The devices were infected with the Moobot virus — a version of the previously identified Mirai malware. The virus was employed for remote control of the hacked devices and for launching network attacks.
Origins and Repurposing of the Botnet
Unknown cybercriminals installed Moobot on routers running Ubiquiti Edge OS, exploiting the default login credentials. After the installation, control of these compromised devices was allegedly seized by the hacking group APT 28, also known as Forest Blizzard and Fancy Bear, which supposedly has ties to Russian intelligence. This group transformed the botnet into a “global cyberespionage platform” by mass-installing their scripts onto the devices. The botnet’s targets included organizations both affiliated with the U.S. government and that of other nations, military organizations, and private companies.
Hijacking and Disassembly of the Botnet
FBI experts hijacked control of Moobot and issued commands to the malicious network to copy and delete harmful files including the malware files and data contained on the compromised routers. The Americans modified the routers’ firewall rules to prevent recapture. At the operation’s conclusion, all devices were forcibly reset to factory settings, meaning they would remain vulnerable to further attacks if the default login details persist.
