Security News

Russian military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. APT28 is a notorious Russian hacking group found to be responsible for several high-profile cyber attacks since they first began operating.

The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Then the GRU spying team used Moobot to install their own bespoke scripts and files that repurposed the botnet, thus "Turning it into a global cyber espionage platform," according to the Feds.

The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. This network of hundreds of Ubiquiti Edge OS routers infected with Moobot malware was controlled by GRU Military Unit 26165, also tracked as APT28, Fancy Bear, and Sednit.

State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. The investigators also cut the routers off from other devices used in the botnet.

The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored...

The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. Devices compromised and added to this botnet included Netgear ProSAFE, Cisco RV320s, and DrayTek Vigor routers, as well as Axis IP cameras, according to Lumen Technologies' Black Lotus Labs team, who first linked the malware to the Chinese threat group in December.

CISA has urged manufacturers of small office/home office routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon. Threat actors are compromising many such devices, taking advantage of the sheer numbers of SOHO routers used by Americans and using them as launchpads in attacks targeting U.S. critical infrastructure organizations.

Since yesterday, users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services. Ubiquiti is a popular networking device manufacturer offering a cloud-based UniFi platform where admins can manage all their devices from a single cloud portal.

The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and VPN devices to proxy malicious traffic so it blends with legitimate traffic to remain undetected.

Connect and protect your whole team with this mini router that offers 10,000 sq ft coverage and a built-in VPN for the low price of $599.99. The Mini by Routie is probably the easiest way to set up a guest network.