Alert: Ubiquiti Routers Targeted by Russian APT28 Group for Global Cyber Attacks

May 4, 2024
Alert: Ubiquiti Routers Targeted by Russian APT28 Group for Global Cyber Attacks
  • The FBI, NSA, US Cyber Command, and international partners warn of the Moobot botnet used by Russia-linked APT28 and other cybercriminals.

  • Moobot, active since 2016, engages in credential harvesting, traffic proxying, and spear-phishing.

  • Russia-linked APT group Pawn Storm and various cybercriminal organizations leverage compromised Ubiquiti EdgeRouters for malicious activities.

  • Compromised devices include EdgeRouters, Raspberry Pi units, and datacenter VPS IP addresses, used for SSH brute forcing, spam, attacks, phishing, crypto mining, and spear-phishing.

  • A new, more secure botnet running Ngioweb malware has been found on EdgeRouters previously targeted by Pawn Storm.

  • The persistent exploitation of internet-facing routers underscores the critical need for improved device security.

Summary based on 1 source


Get a daily email with more Tech stories

Source

More Stories