The US government has cracked down on a Russian botnet that used hundreds of small office and home office (SOHO) routers for cyber espionage. This APT28-related botnet used specialized MooBot malware to disguise its activities and collect sensitive data.

APT28 botnet hack
Attackers exploited vulnerabilities in Ubiquiti routers and installed the MooBot malware on them, creating a network of devices that acted as proxies. This allowed them to mask their true location and conduct phishing campaigns to collect credentials.
The Federal Bureau of Investigation (FBI) and the US Department of Justice conducted Operation Dying Ember to disrupt the botnet and prevent further crimes. As part of this operation, measures were taken to copy and delete stolen data from infected devices and to modify firewall rules to block remote access by APT28.
The scale of the problem
Infected devices were found in almost every state in the US, indicating the large scale of the infiltration. The exact number of hacked devices has not been released, but the FBI said the situation could change.
The operation against the APT28 botnet underscores the importance of international cooperation and the ongoing fight against cybercrime. The US government has demonstrated its determination to protect national security and the privacy of citizens by taking effective measures against cyber threats. The event also serves as a reminder of the need to strengthen cybersecurity and update software on devices to prevent similar attacks in the future.