FBI Breaks Up Russian Cyber Intrusion Group
The FBI has stopped the cyber intrusions of a sophisticated hacking network with ties to the Russian intelligence service.
- The group accessed over 1,000 US and international personal and small business internet routers by exploiting default passwords.
- The hackers planted malware to create a “Botnet,” a network of compromised computers controlled by the attackers.
The Federal Bureau of Investigation (FBI) has disrupted a hacking network that could be traced back to the Russian intelligence service.
The operation uncovered a sophisticated scheme in which hackers gained access to over 1,000 US and international personal and small business internet routers by using default passwords.
According to the U.S. Justice Department (DOJ), officials identified the hacker group as Fancy Bear (also known as APT28) and believe that the hackers are associated with Russia’s Main Intelligence Directorate (GRU). The cyber intrusion employed compromised routers to conduct “harvesting campaigns” against targets aligned with Russian intelligence interests. They exploited routers with default administrator passwords, like “password” or “0000.” Once in, they planted malware to create a “Botnet,” a network of compromised computers controlled by the attackers.
However, the FBI secretly thwarted their plans as they remotely neutralized the network by making critical adjustments to the infected routers. The operation, termed “Operation Dying Ember,” utilized legal measures to disrupt Botnet’s operations. The agents obtained a court order that allowed them to effectively disable the network. They also deleted stolen data and malware from the compromised routers while they were at it. They went the extra mile too, remotely changing firewall settings to block further access.
During his address at the Munich Security Conference, FBI director Christopher A. Wray emphasized the wider ramifications of these cyber intrusions. He stressed ongoing concerns regarding hacking endeavors backed by China and Russia, particularly those directed at critical sectors such as telecommunications and energy.
This situation shows the persistent threat of state-sponsored hacking activities, particularly from Russia and China. They usually target critical infrastructure, such as the telecommunications and energy sectors. It’s a good thing that they managed to shut it down before something worse happened. If there’s an escalation in cyber intrusions, our trust in digital systems, which is already held on by a hair, could erode, so much so it might disrupt whole economies.
The efforts showcased here were international, even if the operation was FBI-led. This also goes to prove that international cooperation is important, not just for trade, but also for the safety of the population.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.