
FBI disrupts Russian Moobot botnet infecting Ubiquiti routers
2024-02-15 18:00

The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks.

This network of hundreds of Ubiquiti Edge OS routers infected with Moobot malware was controlled by GRU Military Unit 26165, also tracked as APT28, Fancy Bear, and Sednit.

Cybercriminals not linked with the GRU first infiltrated Ubiquiti Edge OS routers and deployed the Moobot malware, targeting Internet-exposed devices with widely known default administrator passwords.

As part of court-authorized "Operation Dying Ember," FBI agents remotely accessed the compromised routers and used the Moobot malware itself to delete stolen and malicious data and files.

The court-sanctioned actions that severed the routers' link to the Moobot botnet are only temporary.


News URL

https://www.bleepingcomputer.com/news/security/fbi-disrupts-russian-moobot-botnet-infecting-ubiquiti-routers/