U.S. government disrupts Russian-linked cyber espionage botnet

Report | February 16, 2024 | Editorial Department | Botnet / Internet Security


The U.S. government said Thursday it disrupted a botnet of hundreds of small office and home office (SOHO) routers in the country that Russia-linked APT28 attackers used to hide their malicious activities.

“These crimes included large-scale spear phishing and similar credential collection operations targeting intelligence targets of interest to the Russian government, such as U.S. and foreign governments and military, security, and enterprise organizations,” the U.S. Department of Justice (DoJ) said in a statement.

APT28, whose tracking names also include BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard (formerly known as Strontium), FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy, and TA422, has been assessed to be linked to Unit 26165 of the Main Directorate of the General Staff of the Russian Armed Forces (GRU). It is understood to have been active since at least 2007.

Court documents say the attackers relied on MooBot, a Mirai-based botnet, to carry out their cyber espionage operations. The botnet singled out routers made by Ubiquiti and folded them into a mesh of devices that could be modified to act as proxies, relaying the attackers' malicious traffic while masking their actual IP addresses.


The DoJ said the botnet allowed the threat actors to mask their true location, harvest credentials and NT LAN Manager (NTLM) v2 hashes via customized scripts, and host spear-phishing landing pages and other custom tools, among them utilities for brute-forcing passwords, stealing router user passwords, and spreading the MooBot malware to other devices.

In a redacted affidavit filed by the FBI, the agency said MooBot exploited vulnerable, publicly accessible Ubiquiti routers by logging in with default credentials and then implanting malware that gave persistent remote SSH access to the device.

“Non-GRU cybercriminals installed Moobot malware on Ubiquiti Edge OS routers that still used publicly available default administrator passwords,” the DoJ explained. “GRU hackers then used the Moobot malware to install their own custom scripts and files to repurpose the botnet into a global cyber espionage platform.”

APT28 is suspected of having discovered and illegally accessed the infected Ubiquiti routers by scanning the public Internet using specific OpenSSH version numbers as search parameters, then using MooBot to access those routers.

Spear-phishing campaigns conducted by the group also exploited a then zero-day vulnerability in Outlook (CVE-2023-23397) to steal login credentials and send them to the routers.

“In another identified campaign, APT28 attackers designed a fake Yahoo! login page that sent credentials entered on the fake page to a compromised Ubiquiti router so that the APT28 attackers could collect them at their convenience,” the FBI said.

As part of the effort to disrupt the botnet in the U.S. and prevent further crimes, a series of unspecified commands was issued to the routers to copy the stolen data and malicious files and then delete them, and to modify the routers' firewall rules to block remote access by APT28.
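The two exposures the story turns on, a router still running the factory administrator account and router services answering on the WAN side, are both visible in an EdgeRouter's configuration. The script below is an added example, not Ubiquiti's, the DoJ's or the FBI's tooling: it parses the Vyatta-style brace syntax of EdgeOS's /config/config.boot (assumed to be the format in use) and flags a surviving `ubnt` account, an SSH service with no `listen-address`, and a WAN interface with no default-drop `firewall local` ruleset. The WAN interface name (`eth0`), the finding codes and both sample configs are assumptions constructed for the example.

```python
"""Audit an EdgeOS config.boot for the exposures in this story: the factory
'ubnt' admin account and router services (SSH) reachable from the WAN side.
Added example, not Ubiquiti's or the FBI's tooling. Assumes the Vyatta-style
brace syntax of /config/config.boot, a caller-named WAN interface, and the
constructed sample configs below."""
from __future__ import annotations

import shlex


def parse_config(text: str) -> dict:
    """Nested dicts from brace config: a line ending in '{' opens a child node
    keyed by its full name ('ethernet eth0', 'user ubnt'), '}' closes it, and
    anything else is a 'key value' leaf (a repeated leaf key becomes a list)."""
    root: dict = {}
    stack: list[dict] = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("/*", "//")):
            continue  # blank lines and the trailing /* Warning ... */ comments
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        else:
            parts = shlex.split(line)  # handles quoted values like description "x y"
            key, value, node = parts[0], " ".join(parts[1:]), stack[-1]
            if key in node:  # repeated leaf, e.g. several 'address' lines
                node[key] = [*(node[key] if isinstance(node[key], list) else [node[key]]), value]
            else:
                node[key] = value
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return root


def audit(config: dict, wan_interfaces: tuple[str, ...] = ("eth0",)) -> list[tuple[str, str]]:
    """Return (code, message) findings; an empty list means nothing was flagged."""
    findings: list[tuple[str, str]] = []
    if "user ubnt" in config.get("system", {}).get("login", {}):
        findings.append(("DEFAULT_USER", "factory 'ubnt' admin account still exists; add your own "
                         "admin and delete it (the hash cannot show whether the password was changed)"))
    ssh = config.get("service", {}).get("ssh")
    if ssh is not None and not ssh.get("listen-address"):
        findings.append(("SSH_ALL_ADDRS", "SSH has no listen-address, so it also answers on the WAN IP"))
    rulesets = config.get("firewall", {})
    for ifname in wan_interfaces:
        iface = config.get("interfaces", {}).get(f"ethernet {ifname}", {})
        local_name = iface.get("firewall", {}).get("local", {}).get("name")
        if not local_name:
            findings.append(("WAN_LOCAL_OPEN", f"{ifname}: no 'firewall local' ruleset, so SSH and the "
                             "web UI are reachable from the Internet"))
            continue
        ruleset = rulesets.get(f"name {local_name}", {})
        if ruleset.get("default-action") != "drop":
            findings.append(("WAN_LOCAL_PERMISSIVE", f"{ifname}: {local_name} default-action is not drop"))
        for rule_key, rule in ruleset.items():  # accept rules for port 22 with no source restriction
            if not (rule_key.startswith("rule ") and isinstance(rule, dict)):
                continue
            ports = str(rule.get("destination", {}).get("port", "")).split(",")
            if rule.get("action") == "accept" and "22" in ports and "source" not in rule:
                findings.append(("SSH_FROM_ANY", f"{ifname}: {local_name} {rule_key} accepts SSH from anywhere"))
    return findings


# Constructed sample near the factory state the DoJ describes: default admin
# account, SSH enabled, nothing filtering traffic addressed to the router on eth0.
WEAK_CONFIG = """\
interfaces {
    ethernet eth0 {
        address dhcp
        description "Internet (WAN)"
    }
}
service {
    ssh {
        port 22
    }
}
system {
    login {
        user ubnt {
            authentication {
                encrypted-password $6$constructed-sample-hash
            }
            level admin
        }
    }
}
/* Warning: Do not remove the following line. */
"""

# The same router after hardening, built from WEAK_CONFIG so the diff is visible:
# default-drop ruleset on eth0, SSH bound to the LAN address, named admin account.
HARDENED_CONFIG = "firewall {\n    name WAN_LOCAL {\n        default-action drop\n    }\n}\n" + (
    WEAK_CONFIG.replace("user ubnt", "user netadmin")
    .replace("        port 22", "        listen-address 192.168.1.1\n        port 22")
    .replace("        address dhcp", "        address dhcp\n        firewall {\n"
             "            local {\n                name WAN_LOCAL\n            }\n        }")
)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(parse_config(cfg)) or "no findings")
```

The audit reads configuration only: it cannot tell whether an implant is already present on the device, and a `listen-address` or ruleset check says nothing about firmware version. A port range such as `20-22` in a rule is not matched by the simple comma split, so treat `SSH_FROM_ANY` as a best-effort hint rather than proof of a tight ruleset.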


The exact number of compromised devices in the United States has been redacted from the affidavit, although the FBI noted that it may change. Infected Ubiquiti devices have been detected in “nearly every state,” it added.

The court-authorized operation, dubbed “Dying Ember,” comes just weeks after the U.S. dismantled another state-sponsored hacking campaign, originating from China, that used a botnet codenamed KV-botnet to target critical infrastructure networks.

Last May, the United States also announced that it had taken down a global network of computers infected with an advanced malware called Snake, used by hackers associated with Russia’s Federal Security Service (FSB) and tracked as Turla.


from Tech Empire Solutions https://techempiresolutions.com/u-s-government-disrupts-russian-linked-cyber-espionage-botnet/