Security News

TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service
2024-03-26 15:00

A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office routers and IoT devices in 88 countries. Black Lotus Labs researchers monitoring the latest TheMoon campaign, which started in early March 2024, have observed 6,000 ASUS routers being targeted in under 72 hours.

That home router botnet the Feds took down? Moscow's probably going to try again
2024-02-28 04:32

Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers - in the form of a warning that Russia may try again, so owners of the devices should take precautions. Moobot allowed GRU and its minions to install and run scripts to build a 1,000-strong botnet, which it used for power phishing, spying, credential harvesting, and data theft.

Russian hackers hijack Ubiquiti routers to launch stealthy attacks
2024-02-27 17:25

Russian military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. APT28 is a notorious Russian hacking group found to be responsible for several high-profile cyber attacks since they first began operating.

Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers
2024-02-15 21:11

The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Then the GRU spying team used Moobot to install their own bespoke scripts and files that repurposed the botnet, thus "Turning it into a global cyber espionage platform," according to the Feds.

FBI disrupts Russian Moobot botnet infecting Ubiquiti routers
2024-02-15 18:00

The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. This network of hundreds of Ubiquiti Edge OS routers infected with Moobot malware was controlled by GRU Military Unit 26165, also tracked as APT28, Fancy Bear, and Sednit.

Botnet Attack Targeted Routers: A Wake-Up Call for Securing Remote Employees’ Hardware
2024-02-09 15:44

State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. The investigators also cut the routers off from other devices used in the botnet.

U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers
2024-02-01 11:37

The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored...

FBI disrupts Chinese botnet by wiping malware from infected routers
2024-01-31 17:43

The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. Devices compromised and added to this botnet included Netgear ProSAFE, Cisco RV320s, and DrayTek Vigor routers, as well as Axis IP cameras, according to Lumen Technologies' Black Lotus Labs team, who first linked the malware to the Chinese threat group in December.

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks
2024-01-31 16:14

CISA has urged manufacturers of small office/home office routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon. Threat actors are compromising many such devices, taking advantage of the sheer numbers of SOHO routers used by Americans and using them as launchpads in attacks targeting U.S. critical infrastructure organizations.

Ubiquiti users report having access to others’ UniFi routers, cameras
2023-12-14 20:38

Since yesterday, users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services. Ubiquiti is a popular networking device manufacturer offering a cloud-based UniFi platform where admins can manage all their devices from a single cloud portal.