FBI Warns Russian Hackers Are Using ‘Compromised’ Routers to Launch Stealthy Cyberattacks in America – Here’s How YOU Can Protect Yourself

The FBI warned this week that Russian state hackers are using “compromised” routers to hack into people’s computers.

According to the FBI, the routers of individuals and companies were secretly used to commit cybercrime, with the aim of gaining access to US government networks.

In a joint statement with the National Security Agency (NSA), the US Cyber ​​Command and the intelligence agencies of ten other countries, the FBI urged anyone using the affected routers to take certain precautions to prevent their data from being compromised. stolen.

The routers in question are Ubiquiti EdgeRouters and the precautions (described below in this article) include resetting passwords and performing a hardware reset to factory settings.

Because these routers come from the factory with lax security settings, they are particularly vulnerable to cyberattacks, the FBI said in its announcement.

Hackers can put together a so-called ‘botnet’

And because of their affordable price – $59 for the company’s cheapest model – they are common for home and office use.

WHAT IS A BOTNET?

A botnet is a chain of computers that have been co-opted using malicious code.

Hackers use these computer networks to conduct a variety of attacks, including massive spam campaigns and DDoS attacks designed to overload servers and compromise an entity’s infrastructure.

According to Norton Security:

‘A botnet is nothing more than a series of connected computers that perform a task together. This could be maintaining a chat room, but also taking control of your computer.’

Norton

“Ubiquiti EdgeRouters have an easy-to-use, Linux-based operating system that makes them popular with consumers and malicious cyber actors alike,” the FBI wrote in the joint rack.

‘EdgeRouters often come with default credentials and limited to no firewall protection to accommodate wireless Internet service providers (WISPs).

Additionally, EdgeRouters do not automatically update firmware unless a consumer configures them to do so.”

These routers were covertly incorporated into a botnet, making people’s and companies’ computers unwittingly complicit in cybercrime involving spear phishing.

These targeted attacks aim to steal credentials, often from government employees, in order to gain access to secure networks.

In a spear phishing attack, a specific person is targeted.

The victim may receive a legitimate-looking email from a commonly used website. Spear phishing emails can ask them to, for example, update their password on Amazon or change their payment method for Netflix.

But when they click on the link, they are sent to a fake website that looks just like the real one.

When the target enters their username and password, they may be redirected to the real website.

But their personal information is now the hackers’ property.

The FBI and other US law enforcement agencies claimed to have thwarted a Russian-backed botnet attack in mid-February, but warned that the group involved, known among others as APT28, is still very active.

The botnet that hosted these spear-phishing landing sites was controlled by the Main Intelligence Directorate of the General Staff (GRU) of the Russian Federation, according to the FBI.

READ MORE: Secret world of China’s international hacking networks exposed

A major leak reveals how the state is monitoring dissidents abroad, launching cyber attacks on other countries and using propaganda on social media.

Reacting to news of the leaks, Chinese Foreign Ministry spokesman Mao Ning claimed that the US has long been working to compromise the country’s critical infrastructure. She demanded that the US “stop using cybersecurity issues to smear other countries.”

Specifically, the agency suspected GRU Military Unit 26165 – also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear and Sednit.

If an EdgeRouter is compromised, restarting it will not remove the malware, the federal law enforcement agency warned.

Anyone who owns a Ubuquiti EdgeRouter recommends the following steps to ensure your device is secure:

  1. Perform a hardware factory reset to clear file systems of malicious files.
  2. Upgrade to the latest firmware version.
  3. Change any default usernames and passwords.
  4. Implement strategic firewall rules on WAN interfaces to prevent unwanted exposure of remote management services.

“In addition, all network owners should keep their operating systems, software and firmware up to date,” the FBI advised. “Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize exposure to cybersecurity threats.”

In mid-February, the FBI announced that it had disrupted a Russian botnet controlled by the GRU.

Using a network of hundreds of routers, GRU Military Unit 26165 had hidden and launched a variety of cybercrimes.

“These crimes include large-scale spear-phishing and similar credential collection campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations,” the FBI alleged in a report. announcement at the time.

Related Post