Feb 16, 2024 - Technology

Department of Justice takes down Russian intelligence botnet

Illustration: Sarah Grillo/Axios

The Justice Department said Thursday it has successfully seized and dismantled access to a series of routers that Russian military hackers had used to target the U.S. and other governments.

Why it matters: The latest botnet takedown adds to a growing list of operations the DOJ has undertaken to dismantle the web infrastructure hackers rely on in their attacks.

Details: The DOJ received a court order last month to cut off access to a network of Ubiquiti EdgeOS routers that had been infected with the Moobot malware, creating a botnet.

  • Fancy Bear, a hacking group tied to Russia's military intelligence services, used this botnet to monitor web traffic and spy on potential targets.
  • Each of the infected routers still used the default administrator password.
  • Law enforcement agents were able to remove the malware from the infected routers and modify each router's firewall rules to block remote management access on those devices.
  • U.S. government agents "extensively tested" the operation before launching it to ensure it did not affect the routers' normal functions, the DOJ said.

Driving the news: FBI Director Christopher Wray unveiled the latest botnet takedown during remarks at the Munich Security Conference on Thursday.

The big picture: Nation-state hackers are increasingly targeting routers both to collect whatever sensitive data is transmitted through internet networks and to leverage that access to sneak onto someone's entire network.

Yes, but: Botnet takedowns aren't a permanent solution, and hackers are often able to rebuild a botnet using a different set of vulnerable devices.

Be smart: The DOJ recommends that router owners change the default usernames and passwords and upgrade their devices to the latest firmware versions.
