Alert: Ubiquiti Routers Targeted by Russian APT28 Group for Global Cyber Attacks
May 4, 2024
The FBI, NSA, US Cyber Command, and international partners warn of the Moobot botnet used by Russia-linked APT28 and other cybercriminals.
Moobot, active since 2016, engages in credential harvesting, traffic proxying, and spear-phishing.
Russia-linked APT group Pawn Storm and various cybercriminal organizations leverage compromised Ubiquiti EdgeRouters for malicious activities.
Compromised devices include EdgeRouters, Raspberry Pi units, and datacenter VPS IP addresses, used for SSH brute forcing, spam, attacks, phishing, crypto mining, and spear-phishing.
A new, more secure botnet running Ngioweb malware has been found on EdgeRouters previously targeted by Pawn Storm.
The persistent exploitation of internet-facing routers underscores the critical need for improved device security.
Summary based on 1 source
Source
Security Affairs • May 3, 2024
Russia-linked APT28 and crooks are still using the Moobot botnet