US Disrupts Russian Hacking Campaign That Infiltrated Home, Small Business Routers: Justice Department

The FBI coordinated with foreign partners to disrupt the GRU-led campaign.

The FBI announced Thursday that it successfully disrupted a hacking campaign led by the Russian GRU that infiltrated more than a thousand home and small business routers that were being used to conduct cyber operations against countries around the world, including the United States.

Coordinated law enforcement action with foreign partners succeeded in kicking GRU operators off the routers and blocking their ability to access them again, the Justice Department said.

The department said it identified the specific malware the GRU relied on to infiltrate the routers, called “Moobot,” which had been installed on the routers and which the GRU used to turn them into a “global cyberespionage platform.”

The Justice Department said the GRU used the infiltrated routers to commit a series of crimes that included “vast phishing campaigns” against “targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security and corporate organizations.”

The Justice Department said that in a court-authorized operation last month it used malware to copy and delete malicious data from the routers and to give victims full control of their networks.

“The Department of Justice is accelerating our efforts to disrupt the Russian government's cyber campaigns against the United States and our allies, including Ukraine,” Attorney General Merrick Garland said in a statement announcing the disruption. “In this case, Russian intelligence services turned to criminal groups to help them attack home and office routers, but the Department of Justice disabled their plan. We will continue to disrupt and dismantle the Russian government's malicious cyber tools that endanger the security of the United States and our allies.”

FBI Director Christopher Wray first announced news of the disruption campaign, dubbed “Operation Dying Ember,” in remarks at the Munich Security Conference on Thursday.

“With these operations, and many more like them, we have set our sights on all the elements that we know from experience make criminal organizations tick,” Wray said. “Because we don't just want to hit them, we want to hit them wherever it hurts and humiliate them hard.”

The operation follows a similar disruption effort announced by the FBI just two weeks ago that booted Chinese government-sponsored hackers from hundreds of home and small business routers that were allegedly being used to attack critical U.S. infrastructure networks.

The FBI also issued an advisory noting that it is still working with Internet providers to alert other potential victims whose servers have been affected.