US officials said they had disrupted a hacking network linked to Russian intelligence services.
They say the hackers – believed to be from the secret hacking arm of Russia's Main Intelligence Directorate (known as the GRU) – gained access to more than 1,000 personal and small business Internet routers in the US and around the world.
The hackers then used the infected devices to launch “harvesting campaigns” against targets of “intelligence interest” to the Russian government, according to the US Department of Justice.
However, the department says the campaign was disrupted by US officials, including teams from the FBI, who secretly managed to “neutralize” the network by making remote changes to infected routers.
US Deputy Attorney General Lisa Monaco said this is the second time in two months that the department has stopped state-sponsored hackers from launching cyber attacks from behind the cover of hacked routers.
“In this case, Russian intelligence services turned to criminal groups to help them target routers in homes and offices,” US Attorney General Merrick Garland said in a statement about the operation.
“But the Department of Justice stopped their scheme. We will continue to disrupt and dismantle the Russian government's malicious cyber tools that put the security of the United States and our allies at risk.”
How does the hack work?
The Justice Department blamed the attack on the hacking group Fancy Bear – also known as APT 28 – which the US says is the secret hacking arm of the GRU, known as Unit 26165.
They say the hackers targeted a particular type of Internet router that still used a publicly known default administrator password, which in some cases was as simple as “password,” “0000,” or “1111.”
After logging in with those default passwords, the hackers infected the devices with malware.
In doing so, they created what is known as a “botnet” – a network of private computers infected with malware and controlled as a group without their owners’ knowledge.
The botnet included devices in the United States and other parts of the world, and the United States described it as a “global cyber espionage platform.”
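The attack pattern described above (an Internet-exposed router whose administrator account is guessed from the WAN side) leaves a recognisable trace in the router's authentication log. The following is an added example, not code from the article, the DOJ or the FBI: it scans a constructed, generic syslog-style log, flags administrator logins that arrived from outside the RFC 1918 ranges a home or small-office router uses on its LAN, and records how many failed guesses from the same address preceded each one. The log format, the timestamps and the addresses are all constructed for the example; real routers log in vendor-specific formats, so the regular expression is an assumption to adapt.

```python
"""Added example: detect router admin logins that arrive from the WAN side.
Not part of the article or any FBI/DOJ guidance; log format is constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log, generic sshd-style wording (assumption: adapt LINE_RE
# to the real device's format). Documentation ranges stand in for public IPs.
SAMPLE_LOG = """\
Jan 14 03:11:02 router sshd[812]: Failed password for admin from 203.0.113.7 port 51234
Jan 14 03:11:04 router sshd[812]: Failed password for admin from 203.0.113.7 port 51235
Jan 14 03:11:06 router sshd[812]: Accepted password for admin from 203.0.113.7 port 51236
Jan 14 08:40:10 router sshd[901]: Accepted password for admin from 192.168.1.20 port 40001
Jan 14 09:00:00 router kernel: eth0: link is up
Jan 15 22:05:33 router sshd[990]: Accepted password for admin from 198.51.100.9 port 60010
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# RFC 1918 ranges: on a home/small-office router everything else is WAN-side.
# Deliberately not ipaddress.is_private(), which also classifies the
# documentation ranges used in SAMPLE_LOG (203.0.113.0/24 etc.) as non-global.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan(src: str) -> bool:
    """True if src falls inside one of the RFC 1918 LAN ranges."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in LAN_NETS)


def find_wan_admin_logins(log_text: str, admin_users=("admin", "root")):
    """Return one finding per successful admin login from a non-LAN address.

    Each finding carries the timestamp, user, source address and the number of
    failed password attempts seen from that source earlier in the log, which
    separates a guessed or default password from a single clean login.
    """
    failures = defaultdict(int)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication line
        src = m["src"]
        if m["result"] == "Failed":
            failures[src] += 1
            continue
        if m["user"] in admin_users and not is_lan(src):
            findings.append({
                "ts": m["ts"],
                "user": m["user"],
                "src": src,
                "failed_before": failures[src],
            })
    return findings


if __name__ == "__main__":
    for f in find_wan_admin_logins(SAMPLE_LOG):
        print(f"{f['ts']}: {f['user']} logged in from WAN address {f['src']} "
              f"after {f['failed_before']} failed attempt(s)")
```

The LAN login on line four is ignored, while the two logins from outside the RFC 1918 ranges are reported; the first of them follows two failed attempts from the same address, which is the pattern a default or guessed password produces. Any successful administrator login from the WAN side is worth investigating on a device that should not expose remote management at all.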
Operation Dying Ember
Armed with a court order, the FBI in January was able to disrupt the botnet in an operation called Dying Ember, copying and deleting the stolen data before remotely changing the devices' firewall settings to prevent further access.
“Operation Dying Ember was an international effort led by FBI Boston to address more than a thousand compromised routers belonging to unsuspecting victims here in the United States, and around the world, which have been targeted by malicious nation-state actors in Russia to facilitate strategic intelligence gathering,” said Special Agent in Charge Judy Cohen of the FBI Boston Field Office.
She added: “This operation must make clear to our adversaries that we will not allow anyone to exploit our technology and networks.”
The FBI has urged all victims to perform a hardware factory reset to clear the file system of malicious files, upgrade to the latest firmware version, change any default usernames and passwords, and implement strategic firewall rules.
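Three of those four steps can be checked against a router's configuration after the reset. The following is an added example, not the FBI's tooling or code from the article: it audits a constructed configuration for a default or trivially guessable administrator password (the article's “password”, “0000” and “1111” plus the empty string), for firmware older than a given latest version, and for management services still reachable on the WAN interface, evaluating the firewall rules first-match the way most packet filters do. The configuration dict, the rule format, the management port list and the version numbers are all constructed assumptions; a weak configuration is shown beside the hardened one, along with a misordered rule set that still exposes a port.

```python
"""Added example: audit a router configuration against the FBI's remediation
advice. Config format, rule format and versions are constructed assumptions."""

# Defaults named in the article, plus the empty string (assumption: some
# devices ship with no administrator password set at all).
KNOWN_DEFAULT_PASSWORDS = {"password", "0000", "1111", ""}

# Assumption: the usual remote-management services on a small router.
MGMT_PORTS = {22: "ssh", 80: "http", 443: "https"}


def version_tuple(version: str):
    """'1.10.2' -> (1, 10, 2), so that 1.10 compares greater than 1.9."""
    return tuple(int(part) for part in version.split("."))


def exposed_management_ports(rules, default_policy="accept"):
    """Management ports still reachable from the WAN under first-match rules.

    rules: list of {"iface": str, "port": int | None, "action": "accept" | "drop"}
    (constructed format). port None matches every port. The first rule whose
    interface and port match decides; if none matches, default_policy applies.
    """
    exposed = []
    for port in MGMT_PORTS:
        action = default_policy
        for rule in rules:
            if rule["iface"] == "wan" and rule["port"] in (None, port):
                action = rule["action"]
                break
        if action == "accept":
            exposed.append(port)
    return exposed


def audit_router(cfg, latest_firmware):
    """Return a list of findings; an empty list means the checks pass."""
    findings = []
    pw, user = cfg["password"], cfg["username"]
    if pw in KNOWN_DEFAULT_PASSWORDS or pw == user:
        findings.append("credentials: default or trivially guessable admin password")
    if version_tuple(cfg["firmware"]) < version_tuple(latest_firmware):
        findings.append(f"firmware: {cfg['firmware']} is older than {latest_firmware}")
    for port in exposed_management_ports(cfg["firewall"], cfg.get("default_policy", "accept")):
        findings.append(f"firewall: {MGMT_PORTS[port]} (tcp/{port}) reachable from the WAN")
    return findings


# Constructed configurations. WEAK is the state the article describes:
# factory password, old firmware, no inbound WAN filtering at all.
WEAK = {
    "username": "admin",
    "password": "password",
    "firmware": "1.0.3",
    "firewall": [],
    "default_policy": "accept",
}

# HARDENED: unique passphrase, current firmware, and a single rule that drops
# everything arriving on the WAN interface before any service can answer.
HARDENED = {
    "username": "netops",
    "password": "glacier-pelican-42-bracket",
    "firmware": "1.2.0",
    "firewall": [{"iface": "wan", "port": None, "action": "drop"}],
    "default_policy": "accept",
}

# MISORDERED_RULES: an accept placed before the catch-all drop still exposes
# https, which is the kind of ordering mistake a rule-by-rule review catches.
MISORDERED_RULES = [
    {"iface": "wan", "port": 443, "action": "accept"},
    {"iface": "wan", "port": None, "action": "drop"},
]

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_router(cfg, latest_firmware="1.2.0") or ["ok"])
    print("misordered rules expose:", exposed_management_ports(MISORDERED_RULES))
```

The evaluator is deliberately first-match: on the misordered rule set the https accept wins before the catch-all drop is reached, so tcp/443 is reported as exposed even though a drop rule exists. The factory reset itself cannot be verified from configuration, and the password check only catches the defaults the article names plus the username-as-password case, so a passing audit is a floor, not proof of a clean device.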