The FBI, NSA, US Cyber Command, and international partners warn of the Moobot botnet used by Russia-linked APT28 and other cybercriminals.

Moobot, active since 2016, engages in credential harvesting, traffic proxying, and spear-phishing.

Russia-linked APT group Pawn Storm and various cybercriminal organizations leverage compromised Ubiquiti EdgeRouters for malicious activities.

Compromised devices include EdgeRouters, Raspberry Pi units, and datacenter VPS IP addresses, used for SSH brute forcing, spam, attacks, phishing, crypto mining, and spear-phishing.

A new, more secure botnet running Ngioweb malware has been found on EdgeRouters previously targeted by Pawn Storm.

The persistent exploitation of internet-facing routers underscores the critical need for improved device security.