The FBI has warned this week that Russian state-backed hackers are using ‘compromised’ routers to sneak into people’s computers.

Individuals’ and businesses’ routers were secretly used to perpetrate cybercrimes, with the goal of accessing US government networks, according to the FBI.

In a joint statement with the National Security Agency (NSA), US Cyber Command, and 10 other nations’ intelligence services, the FBI urged anyone who uses the affected routers to take certain precautions to avoid having their data stolen.

The routers in question are Ubiquiti EdgeRouters, and the precautions – outlined below in this article – include resetting passwords and performing a factory hardware reset.

Because these routers come from the factory with lax security settings, they are particularly vulnerable to cyberattacks, the FBI said in its announcement.

Hackers can assemble a so-called 'botnet'

And because of their affordable price – $59 for the company’s cheapest model – they are common for home and office use. 

WHAT IS A BOTNET?

A botnet is a chain of computers that has been co-opted using malicious code. 

Hackers use these networks of computers to help them launch various attacks, including mass spam campaigns and DDoS attacks meant to overload servers and imperil an entity's infrastructure.

According to Norton Security:

‘A botnet is nothing more than a string of connected computers coordinated together to perform a task. That can be maintaining a chatroom, or it can be taking control of your computer.’

‘Ubiquiti EdgeRouters have a user-friendly, Linux-based operating system that makes them popular for both consumers and malicious cyber actors,’ wrote the FBI in the joint statement.

‘EdgeRouters are often shipped with default credentials and limited to no firewall protections to accommodate wireless internet service providers (WISPs). 

Additionally, EdgeRouters do not automatically update firmware unless a consumer configures them to do so.’

These routers had been covertly enlisted into a botnet, making people’s and businesses’ computers unwitting accomplices in cybercrimes involving spearphishing.

These targeted attacks are aimed at stealing login credentials, often from government employees, as a way to gain access to secure networks.

In a spearphishing attack, a specific person is targeted.

The victim may be sent a legitimate-looking email from a commonly used website. Spearphishing emails may ask them to update their password on Amazon or change their payment method for Netflix, for example.

But when they click the link, they are sent to a fake website – which looks just like the real thing.

When the target enters their username and password, they may actually be redirected to the real website. 

But their personal information is now owned by the hackers. 

The FBI and other US law enforcement agencies claimed that they thwarted a Russian-backed botnet attack in mid-February, but they warned that the group involved, known by APT28 among other names, is still very much active.

The botnet that hosted these spearphishing landing sites was controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU), according to the FBI.

Specifically, the agency suspected GRU Military Unit 26165 – also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit.

If an EdgeRouter is compromised, rebooting it will not remove malware, the federal law enforcement agency warned. 

For anyone who owns a Ubiquiti EdgeRouter, the agencies recommended the following steps to ensure the device is safe:

  1. Perform a hardware factory reset to flush file systems of malicious files.
  2. Upgrade to the latest firmware version.
  3. Change any default usernames and passwords.
  4. Implement strategic firewall rules on WAN-side interfaces to prevent the unwanted exposure of remote management services.

‘Additionally, all network owners should keep their operating systems, software, and firmware up to date,’ the FBI advised. ‘Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.’

In mid-February, the FBI announced that it had disrupted a Russian botnet controlled by GRU.

Using a network of hundreds of the routers, GRU Military Unit 26165 had been concealing and launching a variety of cybercrimes.

‘These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations,’ the FBI claimed in an announcement at the time. 

This post first appeared on Dailymail.co.uk