That home router botnet the Feds took down? Moscow's probably going to try again
2024-02-28 04:32

Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers - in the form of a warning that Russia may try again, so owners of the devices should take precautions.

Moobot allowed GRU and its minions to install and run scripts to build a 1,000-strong botnet, which it used for power phishing, spying, credential harvesting, and data theft.

At the time of the takedown, US authorities remarked that this botnet differed from past GRU efforts in that it used off-the-shelf malware.

Called MASEPIE, the malware was directed by the Ubiquiti-based botnet and is described as "a small Python backdoor capable of executing arbitrary commands on victim machines."

The document details indicators of compromise - offering bash histories to help netadmins understand the attack and spot evil downloads used by the botnet's masters.

All of which is lovely - assuming owners of Ubiquiti devices know how to access bash histories.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/28/ubiquiti_botnet_second_warning/