U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage

By neub9
2 Min Read

Feb 16, 2024Newsroom

Botnet / Network Security

The U.S. government announced on Thursday that it has successfully disrupted a botnet made up of hundreds of small office and home office (SOHO) routers. The botnet was being used by the Russia-linked APT28 actor to hide its malicious activities.

“These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations,” the U.S. Department of Justice (DoJ) said in a statement.

APT28, also known under various other names, is believed to be linked to Unit 26165 of Russia’s Main Directorate of the General Staff (GRU) and has been active since at least 2007.

Court documents allege that the attackers compromised routers made by Ubiquiti to form a botnet and carried out cyber espionage campaigns.

The botnet, the DoJ said, allowed the threat actors to conceal their location, harvest credentials, and NT LAN Manager (NTLM) v2 hashes, as well as host spear-phishing landing pages and custom tooling for malicious activities.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *