The US and its allies have disrupted access by a Russian state-sponsored hacking organisation to “well over a thousand home and small business routers” used for criminal and intelligence purposes, FBI Director Christopher Wray said on Feb 15.
Speaking at the Munich Security Conference, Wray said authorities managed to kick a hacking unit that is part of Russian intelligence, known as APT 28 or Fancy Bear, off the routers and “lock the door behind them”.
The Russian agency was “piggybacking” on a network of hacked Internet-connected devices, known as a botnet, “to run cyber operations against countries around the world, including America and its allies in Europe.”
The court-authorised action sought to interdict spearphishing and similar credential-harvesting campaigns against targets of interest to Russian intelligence. That includes US and foreign governments and military, security and corporate organisations, the Department of Justice said in a statement.
The operation differed from past campaigns by Russian state-sponsored hacking organisations in that it used malware, known as “Moobot”, associated with a criminal group, rather than malware the hackers had built themselves, the DOJ said.
“Cybercriminals installed the Moobot malware on Ubiquiti Edge OS routers that still used publicly known default administrator passwords,” according to the statement. The hackers then used the malware to install their own files and repurposed the botnet, “turning it into a global cyber espionage platform”. – Bloomberg