DOJ Reports FBI Breaks Down Russian Intelligence Services Connected Hacking Network
The U.S. Department of Justice (DOJ) has announced that it disrupted a hacking network believed to be controlled by Russia’s Main Intelligence Directorate, also known as the GRU. This network, a botnet, worked by installing malware on vulnerable computer routers around the world, which could then be used to stage later attacks. The DOJ said that authorities launched an operation to neutralize a network of hundreds of small or home office routers hacked by the Russian military unit known as “APT 28.” The infected routers were used to conceal or enable “vast spearphishing and similar credential harvesting campaigns” against “targets of intelligence interest” to the Russian government. FBI Director Christopher Wray stated that the FBI utilized its technical capabilities to disrupt “Russia’s access to hundreds of routers belonging to individuals in addition to small and home offices.”
Related Stories
“This type of criminal behavior is simply unacceptable, and the FBI, in coordination with our federal and international partners, will not allow for any of Russia’s services to negatively impact the American people and our allies,” he added.
To neutralize the GRU’s access, the FBI leveraged the malware to copy and delete stolen and malicious data from compromised routers, modifying the routers’ firewall rules to block remote management access. The department said the steps are temporary and that users can roll back the firewall rule changes by undertaking factory resets of their routers.
“In this case, Russian intelligence services turned to criminal groups to help them target home and office routers, but the Justice Department disabled their scheme,” Attorney General Merrick Garland stated.
“We will continue to disrupt and dismantle the Russian government’s malicious cyber tools that endanger the security of the United States and our allies,” he added.
Deputy Attorney General Lisa Monaco said this marks the second time in two months that the DOJ had disrupted “state-sponsored hackers” from launching cyberattacks behind the cover of compromised U.S. routers.
Factory Reset
The FBI has advised router owners to perform a hardware factory reset to flush the file systems of malicious files and implement strategic firewall rules in order to better protect their devices.
The DOJ stated that allegations of APT28 activity have been the subject of a private sector cybersecurity advisory and a Ukrainian government warning in recent months. APT28 is the same hacking network allegedly responsible for the recent phishing attacks against Ukrainian military personnel, aiming to gain access to the mailboxes of military personnel and units of the Ukrainian Defense Forces.
Reuters contributed to this report.
