US Disrupts Russian Military Intelligence Botnet

Post by rbc »

The U.S. federal government says it disrupted a criminal botnet that Russian military intelligence had converted into a platform for global cyberespionage.

Law enforcement obtained a warrant to modify hundreds of routers made by Ubiquiti that had been infected with "Moobot" malware - one of many variations of the Mirai wormable botnet found in the wild after an anonymous coder leaked source code online in 2017.

The malware targets Linux-based IoT devices - in this case, routers made by New York manufacturer Ubiquiti. The Moscow actor known as APT28, Fancy Bear and Forest Blizzard used infected routers located in the United States as proxies for hacking operations, including credential harvesting, stealing single sign-on hashes from Windows operating systems and using hacked routers to host custom tools and spear-phishing landing pages - including one designed to look like a Yahoo logon website.
[...]
Robert B. Carleton + ISC2 Central Mississippi President