FBI Dismantles Hacking Network Linked to Russian Intelligence Services: DOJ

The DOJ says the hacking network infiltrated hundreds of small or home office routers.
The FBI leveraged the malware to copy and delete stolen and malicious data from compromised routers, modifying the routers’ firewall rules to block remote management access. (Gorodenkoff/Shutterstock)
Aldgra Fredly
2/16/2024
Updated:
2/16/2024

The U.S. Department of Justice (DOJ) said on Thursday that it had disrupted a hacking network believed to be controlled by Russia’s Main Intelligence Directorate, better known as the GRU.

The hacking network, also known as a botnet, worked by compromising vulnerable routers around the globe and installing malware on them; the infected devices could then be used to stage later attacks.

The DOJ said that authorities launched “a court-authorized operation” in January to neutralize a network of hundreds of small or home office routers hacked by the Russian military unit known as “APT 28.”

The infected routers were used to conceal or enable “vast spearphishing and similar credential harvesting campaigns” against “targets of intelligence interest” to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations.

“Russia’s GRU continues to maliciously target the United States through their botnet campaigns,” FBI Director Christopher Wray said in a press release.

Mr. Wray said that the FBI utilized its technical capabilities to disrupt “Russia’s access to hundreds of routers belonging to individuals in addition to small and home offices.”

“This type of criminal behavior is simply unacceptable, and the FBI, in coordination with our federal and international partners, will not allow for any of Russia’s services to negatively impact the American people and our allies,” he added.

To neutralize the GRU’s access, the FBI leveraged the malware to copy and delete stolen and malicious data from compromised routers, modifying the routers’ firewall rules to block remote management access.

The department said the steps are temporary and that users can roll back the firewall rule changes by undertaking factory resets of their routers.

“In this case, Russian intelligence services turned to criminal groups to help them target home and office routers, but the Justice Department disabled their scheme,” Attorney General Merrick Garland stated.

“We will continue to disrupt and dismantle the Russian government’s malicious cyber tools that endanger the security of the United States and our allies,” he added.

Deputy Attorney General Lisa Monaco said this marks the second time in two months that the DOJ had disrupted “state-sponsored hackers” launching cyberattacks behind the cover of compromised U.S. routers.

“We will continue to leverage all of our legal authorities to prevent harm and protect the public, whether the hackers are from Russia, China, or another global threat,” Ms. Monaco stated.

Factory Reset

The FBI has advised router owners to perform a hardware factory reset to flush the file systems of malicious files and implement strategic firewall rules in order to better protect their devices.
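As an illustration of the kind of firewall rule the advice above refers to, the following nftables ruleset is an added example and is not from the article, the DOJ press release, or any FBI guidance. It assumes a Linux-based router running nftables, with a hypothetical WAN-facing interface named “wan0” and a LAN bridge named “br-lan”; the set of management ports is likewise an assumption and should be matched to the services the particular router actually exposes. The point it shows is the difference between a rule that accepts management connections on any interface (the weak setting) and one that accepts them only from the LAN side while logging and dropping attempts that arrive from the Internet.

```nftables
# Added example, not from the article or from the DOJ/FBI advisory.
# Assumptions (hypothetical): the router runs Linux with nftables, the
# WAN-facing interface is named "wan0" and the LAN-facing one "br-lan".
# Goal: the router's own management services (SSH, Telnet, HTTP/HTTPS UI
# and a common alternate admin port) accept connections only from the LAN,
# never from the Internet-facing interface.

table inet router_mgmt {
    # Services the router itself exposes for administration (assumed set)
    set mgmt_ports {
        type inet_service
        elements = { 22, 23, 80, 443, 8080 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Keep established sessions and the loopback interface working
        ct state established,related accept
        iif "lo" accept

        # Weak setting being replaced: an unconditional
        #   tcp dport @mgmt_ports accept
        # would let anyone on the WAN reach the admin interface.
        # Hardened form: allow management only from the LAN side.
        iifname "br-lan" tcp dport @mgmt_ports accept

        # Log and drop management attempts arriving from the Internet,
        # so WAN-side probing of the admin ports shows up in the logs.
        iifname "wan0" tcp dport @mgmt_ports log prefix "wan-mgmt-drop: " drop

        # ICMP/ICMPv6 are needed for basic connectivity and path MTU discovery
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept
    }
}
```

Check the file for syntax errors with `nft -c -f router-mgmt.nft` before loading it with `nft -f router-mgmt.nft`, then confirm from a host outside the LAN that the admin ports no longer answer. Because a factory reset restores the router's default ruleset, as the article notes, rules like these have to be reapplied after the reset rather than before it.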

The DOJ stated that allegations of APT28 activity have been the subject of a private sector cybersecurity advisory and a Ukrainian government warning in recent months.

APT28 is the same hacking network allegedly responsible for the recent phishing attacks against Ukrainian military personnel. The National Cybersecurity Coordination Center said last month that hackers aimed to gain access to the mailboxes of military personnel and units of the Ukrainian Defense Forces.

Reuters contributed to this report.