US disrupts Russian hacking campaign that infiltrated home, small business routers: DOJ
The FBI coordinated with other foreign partners to disrupt the GRU-led campaign.
The FBI announced Thursday it successfully disrupted a Russian GRU-led hacking campaign that infiltrated more than a thousand home and small business routers that were used to carry out cyber operations against countries around the world, including in the U.S.
The coordinated law enforcement action with other foreign partners is said to have successfully booted the GRU operators off the routers while locking out their abilities to re-access them, the Justice Department said.
The department said it identified a specific malware that the GRU relied on to infiltrate the routers -- dubbed "Moobot" -- that had been installed on the routers and that the GRU used to turn it into a "global cyber espionage platform."
The Justice Department said the GRU used the infiltrated routers in the commission of a range of crimes that included "vast spearphishing" campaigns aimed at "targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations."
In a court-authorized operation last month, the Justice Department said it used the malware to copy and delete the malicious data from the routers and give victims back full control of their networks.
"The Justice Department is accelerating our efforts to disrupt the Russian government's cyber campaigns against the United States and our allies, including Ukraine," Attorney General Merrick Garland said in a release announcing the disruption campaign. "In this case, Russian intelligence services turned to criminal groups to help them target home and office routers, but the Justice Department disabled their scheme. We will continue to disrupt and dismantle the Russian government's malicious cyber tools that endanger the security of the United States and our allies."
FBI Director Christopher Wray first announced news of the disruption campaign, dubbed "Operation Dying Ember," in remarks at the Munich Security Conference on Thursday.
"With these operations -- and many more like them -- we've set our sights on all the elements that we know from experience make criminal organizations tick," Wray said. "Because we don't just want to hit them -- we want to hit them everywhere it hurts, and put them down hard."
The operation follows a similar disruption effort announced by the FBI just two weeks ago that kicked off Chinese government-sponsored hackers from hundreds of home and small business routers that were allegedly used to target U.S. critical infrastructure networks.
The FBI has also issued an advisory noting it's still working with internet providers to alert potential other victims whose servers have been affected.