DOJ quietly removed Russian malware from routers in US homes and businesses: Feds once again fix up compromised retail routers under court order.

  • AutoTL;DR@lemmings.world · 10 months ago

    This is the best summary I could come up with:


    More than 1,000 Ubiquiti routers in homes and small businesses were infected with malware used by Russian-backed agents to coordinate them into a botnet for crime and spy operations, according to the Justice Department.

    That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of “Operation Dying Ember,” according to the FBI’s director.

    Unlike previous attacks by Fancy Bear—that the DOJ ties to GRU Military Unit 26165, which is also known as APT 28, Sofacy Group, and Sednit, among other monikers—the Ubiquiti intrusion relied on a known malware, Moobot.

    “For the second time in two months, we’ve disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised US routers,” said Deputy Attorney General Lisa Monaco in a press release.

    Christopher A. Wray, director of the FBI, expanded on the Fancy Bear operation and international hacking threats generally at the ongoing Munich Security Conference.

    Malware said by the DOJ to be tied to the Chinese government was removed from SOHO routers by the FBI last month in similar fashion to the most recently revealed operation, targeting Cisco and Netgear devices that had mostly reached their end of life and were no longer receiving security patches.


    The original article contains 550 words, the summary contains 211 words. Saved 62%. I’m a bot and I’m open source!

      • Suzune · 10 months ago

        I think default passwords are not even enough. There must be some additional fuckup unmentioned. Usually such devices don’t expose the management interface publicly, so a password wouldn’t be enough.

      • Potatos_are_not_friends@lemmy.world · 10 months ago

        That’s not the fault of the government. The fact that they were able to do this without disruption or people even recognizing is a pretty big win.