FBI Neutralizes APT28 Botnet: An Intervention in Cyberspace


Department of Justice Announcement: The FBI and GRU Military Unit 26165

The Department of Justice recently announced that it had disrupted a botnet operated by GRU Military Unit 26165, the Russian military intelligence unit also tracked as APT28 (Fancy Bear). The FBI's operation neutralized a network of compromised routers that APT28 had used in a series of attacks against government institutions, military organizations, and companies.

Detection and Neutralization of Malicious Software Network

The FBI revealed that the botnet consisted of hundreds of Ubiquiti EdgeRouters running EdgeOS, which APT28 used to conduct spear-phishing campaigns and to harvest credentials from targeted institutions. The routers had been infected with Moobot, a Mirai-based malware that spreads to IoT devices and routers by exploiting vulnerabilities or brute-forcing weak and default passwords. In this case, according to the Department of Justice, the affected routers were still using publicly known default administrator credentials; Moobot got in through them, and APT28 then repurposed the infected devices for its own operations.

Intervention by the Department of Justice and FBI

The Department of Justice obtained a court order authorizing the FBI to copy and delete the stolen data and malicious files from the infected routers. The devices were then cut off from their operators by modifying their firewall rules to block remote access to the management interfaces. The operation removed the malware and closed the door the GRU was using, but it did not change the underlying default credentials, so the owners still have to secure the devices themselves.

Collaboration with National and International Partners

The FBI emphasizes that it works with domestic and international partners against operations by Russian intelligence services aimed at American citizens and allies. These actions are meant to strengthen cybersecurity and to shield key institutions from attacks.

Return to Normal for Users

Owners of routers affected by the FBI and Department of Justice operation can roll back the firewall changes by resetting the router to factory settings. A factory reset alone, however, returns the device to the same default state that let it be compromised in the first place, so the default administrator password must be changed immediately afterwards and the firmware updated; otherwise the router is just as exposed as before. Together, these steps restore full functionality of the device without reopening it to the same attack.

Combatting Cybercrime

This operation is one of the latest in a series of actions by U.S. law enforcement against cyber threats. In recent months, similar disruption operations have targeted the BlackCat ransomware group, a botnet used by Volt Typhoon, and the Snake malware used by the Turla group. Together they show a determination to take the fight to the operators rather than only to clean up after them.