Security News

That home router botnet the Feds took down? Moscow's probably going to try again
2024-02-28 04:32

Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers - in the form of a warning that Russia may try again, so owners of the devices should take precautions. Moobot allowed GRU and its minions to install and run scripts to build a 1,000-strong botnet, which it used for power phishing, spying, credential harvesting, and data theft.

Russian hackers hijack Ubiquiti routers to launch stealthy attacks
2024-02-27 17:25

Russian military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. APT28 is a notorious Russian hacking group found to be responsible for several high-profile cyber attacks since they first began operating.

Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers
2024-02-15 21:11

The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Then the GRU spying team used Moobot to install their own bespoke scripts and files that repurposed the botnet, thus "Turning it into a global cyber espionage platform," according to the Feds.

FBI disrupts Russian Moobot botnet infecting Ubiquiti routers
2024-02-15 18:00

The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. This network of hundreds of Ubiquiti Edge OS routers infected with Moobot malware was controlled by GRU Military Unit 26165, also tracked as APT28, Fancy Bear, and Sednit.

Botnet Attack Targeted Routers: A Wake-Up Call for Securing Remote Employees’ Hardware
2024-02-09 15:44

State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. The investigators also cut the routers off from other devices used in the botnet.

U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers
2024-02-01 11:37

The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored...

FBI disrupts Chinese botnet by wiping malware from infected routers
2024-01-31 17:43

The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. Devices compromised and added to this botnet included Netgear ProSAFE, Cisco RV320s, and DrayTek Vigor routers, as well as Axis IP cameras, according to Lumen Technologies' Black Lotus Labs team, who first linked the malware to the Chinese threat group in December.

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks
2024-01-31 16:14

CISA has urged manufacturers of small office/home office routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon. Threat actors are compromising many such devices, taking advantage of the sheer numbers of SOHO routers used by Americans and using them as launchpads in attacks targeting U.S. critical infrastructure organizations.

Ubiquiti users report having access to others’ UniFi routers, cameras
2023-12-14 20:38

Since yesterday, users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services. Ubiquiti is a popular networking device manufacturer offering a cloud-based UniFi platform where admins can manage all their devices from a single cloud portal.

Stealthy KV-botnet hijacks SOHO routers and VPN devices
2023-12-13 22:47

The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and VPN devices to proxy malicious traffic so it blends with legitimate traffic to remain undetected.