US Government Disrupts Russian GRU Botnet Running on Home and Small Business Routers

The US government recently announced it disrupted a botnet allegedly belonging to Russia’s GRU. Authorities believe the intelligence service used the botnet for malicious operations, including phishing attacks, credential harvesting, spying, and data theft against strategic targets and foreign governments.

Over a Thousand Small Business and Home Routers Involved in Botnet

The dismantling of the botnet was part of a legally sanctioned operation in January that took down over 1,000 small business and home routers, all compromised by Moobot malware.

According to FBI Director Christopher Wray, Moobot is a variant of Mirai malware, notorious for its ability to zombify Linux devices, turning them into remotely controlled bots, integrating them into botnets, and using them in large-scale network attacks.

Much like the malware that inspired it, Moobot lets cybercriminals remotely manage infected devices and use them for targeted attacks against chosen victims.

Unlike Other GRU-controlled Malicious Networks

However, the recently dismantled botnet stands apart from past malicious networks operated by the GRU and Russian Federal Security Service (FSB). Rather than creating it from scratch, the GRU harnessed Moobot, a malware linked to a well-known cybercrime syndicate, as the foundation for their malicious activities.

“Non-GRU cybercriminals installed the Moobot malware on Ubiquiti Edge OS routers that still used publicly known default administrator passwords,” the US Department of Justice (DoJ) said in a press release. “GRU hackers then used the Moobot malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber espionage platform.”

Threat actors used the bot’s harmful abilities for cybercrimes such as spearphishing and credential harvesting campaigns against strategic targets such as the US and foreign governments and corporate and security organizations.

Botnet Taken Down, Rightful Owners To Retake Control Over Routers

According to the DoJ, authorities instructed Moobot to “copy and delete stolen and malicious data and files from compromised routers.”

They altered the routers’ firewall settings to block remote access, hindering the GRU’s ability to reach the devices until the rightful owners could securely retake control. They also established a temporary measure to gather non-content routing data from affected devices, aiming to expose any GRU efforts to interfere with the operation.

Botnets Are No Joke, But They Can Be Kept In Line

The threats posed by botnets should not be underestimated: they serve as a destructive force in the threat landscape, their power growing with each device that joins the ranks of this digital horde of compromised systems.

Having your device co-opted into a botnet could spell disaster. It allows threat actors to take remote control of your system, jeopardizing your data, documents, and both digital and physical assets. Moreover, your device could be involved in complex cybercriminal activities without your consent or knowledge.

Dedicated software can give you the upper hand against botnets and their ever-growing reach, thwarting their propagation on your network and shielding you from any associated malware. Bitdefender Ultimate Security can protect you against botnets, viruses, worms, Trojans, zero-day exploits, ransomware, spyware, rootkits, and other digital intrusions.