US and international law enforcement warn of Russian hackers utilizing compromised internet routers for cyber operations

Federal and international law enforcement are warning of Russian cyber actors using “compromised” internet routers for cyber operations.

Russian state-sponsored hackers are exploiting Ubiquiti EdgeRouters and using their default credentials to break into them, the FBI and its international partners warned in a cyber alert dated Feb. 27.

“The U.S. Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers,” the alert says. “However, owners of relevant devices should take the remedial actions described below to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises.”

The FBI says the routers are very popular with consumers and cybercriminals alike.

The Russian cyber actors, who are known collectively as APT28, have exploited various industries, including aerospace and defense, education, energy and utilities, governments, hospitality, manufacturing, oil and gas, retail, technology and transportation, according to officials.

Targeted countries have included the Czech Republic, Italy, Lithuania, Jordan, Montenegro, Poland, Slovakia, Turkey, Ukraine, the United Arab Emirates and the U.S., the alert said.

It is believed APT28 is the primary Russian group hacking into the routers, but there are other Russian groups as well.

“Additionally, the actors have strategically targeted many individuals in Ukraine,” the alert says.

The FBI urges consumers to update the devices as soon as they get them to avoid being compromised.

“Ubiquiti EdgeRouters have a user-friendly, Linux-based operating system that makes them popular for both consumers and malicious cyber actors. EdgeRouters are often shipped with default credentials and limited to no firewall protections to accommodate wireless internet service providers (WISPs). Additionally, EdgeRouters do not automatically update firmware unless a consumer configures them to do so,” the alert says.

“In summary, with root access to compromised Ubiquiti EdgeRouters, APT28 actors have unfettered access to Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns.”

A Ubiquiti representative didn’t immediately respond to a request for comment from ABC News.

US and international law enforcement agencies have issued a warning about Russian hackers using compromised internet routers for cyber operations. This alarming development has raised concerns about the potential for widespread cyber attacks that could disrupt critical infrastructure and compromise sensitive data.

The warning comes after the US Department of Homeland Security, the FBI, and the UK’s National Cyber Security Centre issued a joint statement detailing how Russian hackers have been targeting routers in homes and businesses around the world. These hackers are believed to be affiliated with the Russian government and are using the compromised routers to conduct cyber espionage, steal sensitive information, and launch attacks on other networks.

The compromised routers are being used to create a “botnet,” a network of infected devices that can be controlled remotely by hackers. This botnet can be used to launch distributed denial of service (DDoS) attacks, which flood websites with traffic and overwhelm their servers, causing them to crash. In addition, the hackers can use the compromised routers to intercept communications, steal login credentials, and install malware on connected devices.

The US and international law enforcement agencies are urging individuals and organizations to take steps to secure their routers and protect themselves from potential cyber attacks. This includes regularly updating router firmware, changing default passwords, disabling remote management features, and using strong encryption protocols.

It is also important for individuals and organizations to be vigilant about suspicious activity on their networks and to report any signs of compromise to law enforcement. By taking proactive measures to secure their routers and networks, individuals and organizations can help prevent Russian hackers from exploiting vulnerabilities and conducting cyber operations that could have serious consequences.

In conclusion, the warning from US and international law enforcement agencies about Russian hackers using compromised internet routers for cyber operations underscores the importance of cybersecurity in today’s interconnected world. By staying informed about the latest threats and taking steps to protect themselves, individuals and organizations can reduce their risk of falling victim to cyber attacks and safeguard their sensitive information.
