The U.S. Department of Justice announced this week that it had shut down a computer network controlled by Russian hackers that used hundreds of routers in homes and small offices. The operation, which took place in January 2024 but only now became known, was approved by court order.
According to the statement, the computer network, or botnet, was created by a known criminal group that infected routers that were still using “publicly known default administrator passwords” with the Moobot malware. The Russian agency GRU then installed its own scripts using the Moobot malware.
Tech Dec 07
Security November 1st
Prominent among the crimes are the extensive phishing and credential theft campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments, as well as military, security and corporate organizations.
However, after the botnet was discovered, the Justice Department used the Moobot malware to copy the stolen files and then delete them from routers. He also modified the firewalls of these routers to ensure that they could remotely block any access attempts.
The agency will inform the owners of these routers what happened to them and require that these devices be fully reset. You will also be asked to install the latest version of router firmware and of course strongly recommend that routers get new passwords.
This is the second time in 2024 that the Justice Department has disrupted a criminal botnet. In a statement, United States Attorney General Merrick B. Garland said:
“In this case, Russian intelligence services reached out to criminal groups to help them attack home and office routers, but the Justice Department shut down their plan. We will continue to disrupt and dismantle the Russian government’s malicious cyber tools that endanger the security of the United States and our allies.”
There is no concrete information about the data the botnet collected before it was shut down.
Also see