The FBI worked with other foreign partners to disrupt the GRU-led campaign.
The FBI announced Thursday that it successfully thwarted a Russian GRU-led hacking operation that compromised more than 1,000 home and small business routers used to carry out cyber operations against countries around the world, including the United States.
The Justice Department says law enforcement efforts in conjunction with other foreign partners were successful in cutting off GRU operators' ability to boot and regain access to the routers.
The agency announced that specific malware, called Moobot, had been identified on the routers; the GRU used it to infiltrate routers and turn them into “global cyber espionage platforms.”
The Justice Department said the GRU used the compromised routers to carry out a variety of crimes, including a “massive spear phishing” campaign aimed at organizations that were “targets of Russian government intelligence, including U.S. and foreign government, military, national security, and business interests.”
The Justice Department announced last month that in a court-sanctioned operation, the malware was used to copy and delete malicious data from routers, giving victims complete control of their networks.
“The Department of Justice is accelerating its efforts to disrupt the Russian government's cyber attacks against the United States and its allies, including Ukraine,” Attorney General Merrick Garland said in a release announcing the disruption campaign. “In this case, Russian intelligence services enlisted the help of a criminal group to target routers in homes and offices, but the Department of Justice nullified their plan. We put the security of the United States at risk. We will continue to disrupt and dismantle the Russian government's malign cyber tools and our allies.”
FBI Director Christopher Wray first announced news of the disruption operation, dubbed “Operation Dying Ember,” during remarks at the Munich Security Conference on Thursday.
“Through these operations, and others like them, our experience has focused on all the factors that drive criminal organizations,” Wray said. “Because we don't just want to hit them, we want to hit them wherever it hurts and knock them down hard.”
The operation follows a similar disruption operation announced by the FBI just two weeks ago, in which Chinese government-backed hackers were expelled from hundreds of home and small business routers that were allegedly used to target critical infrastructure networks in the United States.
The FBI also issued an advisory saying it is working with internet providers to alert other potential victims whose servers were affected.