Home Tech FBI warns Russian hackers are using ‘compromised’ routers to launch stealthy cyberattacks in America – here’s how YOU can protect yourself

FBI warns Russian hackers are using ‘compromised’ routers to launch stealthy cyberattacks in America – here’s how YOU can protect yourself

0 comments
Hackers can create so-called 'botnet'

The FBI warned this week that Russian state-backed hackers are using “compromised” routers to infiltrate people’s computers.

According to the FBI, routers of individuals and companies were secretly used to carry out cybercrimes, with the aim of accessing US government networks.

In a joint statement with the National Security Agency (NSA), the US Cyber ​​Command and the intelligence services of 10 other nations, the FBI urged anyone using the affected routers to take certain precautions to avoid steal your data.

The routers in question are Ubiquiti EdgeRouters and the precautions, outlined below in this article, include resetting passwords and performing a factory hardware reset.

Because these routers come from the factory with lax security settings, they are particularly vulnerable to cyberattacks, the FBI said in its announcement.

Hackers can create so-called 'botnet'

Hackers can create so-called ‘botnet’

And because of their affordable price ($59 for the company’s cheapest model), they are common for home and office use.

WHAT IS A BOTNET?

A botnet is a chain of computers that have been co-opted using malicious code.

Hackers use these computer networks to launch various attacks, including massive spam campaigns and DDoS attacks aimed at overloading servers and compromising an entity’s infrastructure.

According to Norton Security:

‘A botnet is nothing more than a series of computers connected and coordinated to perform a task. That could be maintaining a chat room or taking control of your computer.”

norton

“Ubiquiti EdgeRouters have an easy-to-use Linux-based operating system that makes them popular with both consumers and malicious cyber attackers,” the FBI wrote in the joint report. statement.

‘EdgeRouters are often shipped with default credentials and limited or no firewall protections to accommodate Wireless Internet Service Providers (WISPs).

Additionally, EdgeRouters do not update firmware automatically unless a consumer configures them to do so.’

These routers had been covertly included in a botnet, turning people’s and businesses’ computers into unwitting accomplices in phishing-related cybercrimes.

These targeted attacks aim to steal login credentials, often from government employees, as a way to gain access to secure networks.

In a phishing attack, the target is a specific person.

The victim may receive a seemingly legitimate email from a commonly used website. Spearphishing emails may ask you to update your password on Amazon or change your payment method for Netflix, for example.

But when they click on the link, they are sent to a fake website, which looks real.

When the target enters their username and password, they may be redirected to the real website.

But your personal information is now the property of hackers.

The FBI and other US law enforcement agencies said they thwarted a Russian-backed botnet attack in mid-February, but warned that the group involved, known as APT28, among other names, is still very active.

The FBI and other US law enforcement agencies said they thwarted a Russian-backed botnet attack in mid-February, but warned that the group involved, known as APT28, among other names, is still very active.

The FBI and other US law enforcement agencies said they thwarted a Russian-backed botnet attack in mid-February, but warned that the group involved, known as APT28, among other names, is still very active.

The botnet hosting these phishing landing sites was controlled by the Main Intelligence Directorate of the General Staff (GRU) of the Russian Federation, according to the FBI.

READ MORE: The secret world of China’s international hacking networks exposed

A major leak reveals how the state surveils dissidents abroad, launches cyberattacks on other nations and uses propaganda on social media.

FBI warns Russian hackers are using compromised routers to launch

FBI warns Russian hackers are using compromised routers to launch

Responding to news of the leaks, Chinese Foreign Ministry spokesman Mao Ning said the United States has long been working to compromise the country’s critical infrastructure. He demanded that the United States “stop using cybersecurity issues to smear other countries.”

Specifically, the agency suspected Military Unit GRU 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit.

If an EdgeRouter is compromised, restarting it will not remove the malware, the federal law enforcement agency warned.

For anyone who owns a Ubuquiti EdgeRouter, they recommended the following steps to ensure your device is secure:

  1. Perform a hardware factory reset to remove malicious files from the file systems.
  2. Update to the latest firmware version.
  3. Change the default usernames and passwords.
  4. Implement strategic firewall rules on WAN-side interfaces to prevent unwanted exposure of remote management services.

“In addition, all network owners should keep their operating systems, software, and firmware up to date,” the FBI advised. “Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.”

In mid-February, the FBI announced that it had taken down a Russian botnet controlled by the GRU.

Using a network of hundreds of routers, Military Unit GRU 26165 had been hiding and launching a variety of cybercrimes.

“These crimes included extensive phishing campaigns and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations,” the FBI said in a statement. advertisement At the time.

You may also like