US Disrupts Russian Military Intelligence Botnet
Posted: Fri Feb 16, 2024 12:07 am
The U.S. federal government says it disrupted a criminal botnet that Russian military intelligence had converted into a platform for global cyberespionage.
Law enforcement obtained a warrant to modify hundreds of routers made by Ubiquiti that had been infected with "Moobot" malware - one of many variations of the Mirai wormable botnet found in the wild after an anonymous coder leaked source code online in 2017.
The malware targets Linux-based IoT devices - in this case, routers made by New York manufacturer Ubiquiti. The Moscow actor known as APT28, Fancy Bear and Forest Blizzard used infected routers located in the United States as proxies for hacking operations, including credential harvesting, stealing single sign-on hashes from Windows operating systems and using hacked routers to host custom tools and spear-phishing landing pages - including one designed to look like a Yahoo logon website.
[...]