Security News > 2024 > February > Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets.

Then the GRU spying team used Moobot to install their own bespoke scripts and files that repurposed the botnet, thus "Turning it into a global cyber espionage platform," according to the Feds.

In December Microsoft said the Fancy Bear crew had been exploiting two previously patched bugs for large-scale phishing campaigns against high-value targets such as government, defense, and aerospace agencies in the US and Europe, though didn't say if a botnet was used in the attacks.

According to American prosecutors, the Feds were able to instruct the Moobot botnet to copy and delete malicious files - including the malware itself - and any stolen data on the compromised routers, likely similar to what the DOJ did with the recent Volt Typhoon KV botnet takedown.

Plus, the Feds said, users can rollback Uncle Sam's firewall rule changes via factory resets, or the routers' web-based user interface, though bear in mind a reset potentially leaves devices open to hijacking again if one doesn't change the admin password from the default.

FBI confirms it issued remote kill command to blow out Volt Typhoon's botnet Fancy Bear goes phishing in US, European high-value networks OpenAI shuts down China, Russia, Iran, N Korea accounts caught doing naughty things China's Volt Typhoon spies broke into emergency network of 'large' US city.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/15/feds_go_fancy_bear_hunting/