Priya Patel
TLDR:
– U.S. conducts cyberattack on Russian military botnet, disabling a network of routers used by GRU.
– FBI Director Christopher Wray announces Operation Dying Ember at Munich Security Conference.
Full Article:
The United States and its allies have successfully disrupted a Russian military botnet network operated by the GRU. In a court-authorized operation in January 2024, hundreds of small office/home office (SOHO) routers were neutralized, impeding the GRU’s cybercrimes targeted at government, military entities, and corporations.
FBI Director Christopher Wray highlighted the impact of Operation Dying Ember, which kicked the Russian GRU off routers and blocked access to the botnet used for cyber operations globally. This operation is part of the larger cyberwar strategy against sophisticated AI-generated cyberattacks on critical infrastructures. Cyber experts warn about the vulnerability of SOHO routers to botnet exploits and the interest of nation-state threat actors in infiltrating U.S. networks.
The botnet operated by the GRU was unique in its use of existing Moobot malware installed on routers with default passwords, repurposing them for cyber espionage. The Justice Department’s operation modified firewall rules on compromised routers to block remote management access and prevent GRU’s attempts to thwart the operation.
Attorney General Merrick B. Garland emphasized the Department’s efforts to disrupt Russian cyber campaigns, including disabling their schemes through court-authorized operations. This marks the third time since Russia’s invasion of Ukraine that key tools used by Russian intelligence services have been neutralized. If individuals suspect a compromised router, they are urged to visit the FBI’s Internet Crime Complaint Center.
