Subj : US crimefighters shut down botnet used by Russian Fancy Bear hack
To   : All
From : TechnologyDaily
Date : Fri Feb 16 2024 16:30:06

US crimefighters shut down botnet used by Russian Fancy Bear hackers

Date: Fri, 16 Feb 2024 16:14:48 +0000
Description: DoJ expels Fancy Bear from hundreds of routers that were used for attacks against Ukraine.

FULL STORY
======================================================================

US law enforcement agents have revealed their success in shutting down a malicious botnet used by the notorious Fancy Bear hackers.

The U.S. Department of Justice (DoJ) said in a press release that its agents conducted a court-authorized operation that neutralized a network of hundreds of small office/home office (SOHO) routers.

As explained by the DoJ, most of the Ubiquiti EdgeOS routers in the botnet had previously been infected with malware called Moobot, which was developed by a private hacking group. This group targeted routers still running factory settings or otherwise easy-to-guess passwords in order to install the malware. APT28 then took over the Moobot infections and turned the compromised devices into a global cyber espionage platform.

Using malware to destroy malware

For the uninitiated, Fancy Bear is also known as Sofacy and APT28, and is a Russian state-sponsored threat actor under the direct command of the Russian Federation's Main Intelligence Directorate of the General Staff (GRU).

The botnet was used, the DoJ further explained, for a wide variety of cybercriminal activities, including campaigns against Ukraine that form part of Russia's war effort against its south-western neighbor. Because the majority of the infected routers were located in the United States, the attacks on Ukrainian infrastructure (distributed denial-of-service attacks, phishing, and more) appeared to originate from American networks.

To take down the botnet, the DoJ's agents used the Moobot malware itself to copy and delete stolen and malicious data and files from the compromised routers. Additionally, in order to neutralize the GRU's access to the routers until victims can mitigate the compromise and reassert full control, the operation reversibly modified the routers' firewall rules to block remote management access to the devices and, during the course of the operation, enabled temporary collection of non-content routing information that would expose GRU attempts to thwart the operation, the DoJ further explained. The action did not impact the routers' normal functionality, nor did it collect legitimate user content information.

Users can roll back the firewall rule changes and factory-reset their devices, after which it would be wise to change the passwords to something harder to guess.

======================================================================
Link to news story: https://www.techradar.com/pro/security/us-crimefighters-shut-down-botnet-used-by-russian-fancy-bear-hackers

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)