this post was submitted on 17 Feb 2024
Technology
[–] [email protected] 12 points 9 months ago (2 children)

This is the best summary I could come up with:


More than 1,000 Ubiquiti routers in homes and small businesses were infected with malware used by Russian-backed agents to coordinate them into a botnet for crime and spy operations, according to the Justice Department.

That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of "Operation Dying Ember," according to the FBI's director.

Unlike previous attacks by Fancy Bear—that the DOJ ties to GRU Military Unit 26165, which is also known as APT 28, Sofacy Group, and Sednit, among other monikers—the Ubiquiti intrusion relied on a known malware, Moobot.

"For the second time in two months, we've disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised US routers," said Deputy Attorney General Lisa Monaco in a press release.

Christopher A. Wray, director of the FBI, expanded on the Fancy Bear operation and international hacking threats generally at the ongoing Munich Security Conference.

Malware said by the DOJ to be tied to the Chinese government was removed from SOHO routers by the FBI last month in similar fashion to the most recently revealed operation, targeting Cisco and Netgear devices that had mostly reached their end of life and were no longer receiving security patches.


The original article contains 550 words, the summary contains 211 words. Saved 62%. I'm a bot and I'm open source!

[–] orclev 43 points 9 months ago (2 children)

Important detail left out of the TL;DR: The method of infection required that the device still had the default admin password. As long as you changed the admin password when you set up the device, this wouldn't have impacted you.

[–] [email protected] 15 points 9 months ago (1 children)

It's incredible how many people leave their router with the default password.

[–] A_Random_Idiot 17 points 9 months ago

I'm smart, I never leave the default password.

I always change it to 1 2 3 4 5, the same as my luggage.

[–] [email protected] 11 points 9 months ago* (last edited 9 months ago)

Thanks for this important information. That is the first thing we do after getting a new router (change its username and password).
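One concrete check that follows from the two comments above (the infection needed the default admin password, and a new router should get a new username as well as a new password): audit a saved EdgeOS `config.boot` for the factory account and for weak password storage. This is an added example, not code from the article, Ubiquiti, or any commenter. It assumes the EdgeOS brace-nested layout with users under `system { login { user NAME { ... } } }` and that the factory default account is named `ubnt`; the sample config and the password hashes in it are constructed placeholders.

```python
"""Audit an EdgeOS-style config.boot for a leftover factory admin account.

Added example for this thread; not code from the article, Ubiquiti or the
commenters. Assumptions: the file uses EdgeOS's brace-nested layout with users
under `system { login { user NAME { ... } } }`, and the factory default account
is `ubnt`.
"""

# Constructed sample resembling a config.boot; the hashes are placeholders, not real.
SAMPLE_CONFIG = """\
service {
    ssh {
        port 22
    }
}
system {
    host-name edgerouter
    login {
        user ubnt {
            authentication {
                encrypted-password $1$PLACEHOLDER$0123456789abcdefghijkl
            }
            level admin
        }
        user alice {
            authentication {
                encrypted-password $6$PLACEHOLDER$0123456789abcdefghijkl
            }
            level admin
        }
    }
}
/* Warning: Do not remove the following line. */
"""

DEFAULT_ACCOUNT = "ubnt"  # assumption: the factory-default EdgeOS login name


def parse_config(text: str) -> dict:
    """Turn the brace-delimited text into nested dicts.

    A line ending in `{` opens a child node keyed by everything before the brace
    (e.g. "user ubnt"); `key value` lines become leaves; `}` closes the node.
    """
    root: dict = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):  # blank lines and trailer comments
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            child: dict = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unbalanced braces in config")
    return root


def login_users(config: dict) -> dict:
    """Map each login user to its privilege level and stored password hash."""
    login = config.get("system", {}).get("login", {})
    users = {}
    for key, node in login.items():
        if not key.startswith("user "):
            continue
        name = key.split(" ", 1)[1]
        auth = node.get("authentication", {})
        users[name] = {
            "level": node.get("level", ""),
            "hash": auth.get("encrypted-password", ""),
        }
    return users


def audit(text: str) -> list:
    """Return findings to fix before the router is reachable from the internet."""
    users = login_users(parse_config(text))
    findings = []
    if DEFAULT_ACCOUNT in users:
        findings.append(
            f"factory account '{DEFAULT_ACCOUNT}' still exists "
            f"(level {users[DEFAULT_ACCOUNT]['level'] or 'unknown'}); "
            "create a new admin user and delete it"
        )
    for name, info in users.items():
        if info["hash"].startswith("$1$"):  # md5-crypt is fast to brute-force
            findings.append(f"user '{name}' password stored as md5-crypt ($1$)")
        if not info["hash"]:
            findings.append(f"user '{name}' has no encrypted-password entry")
    return findings


if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for finding in audit(source):
        print("FINDING:", finding)
```

Run it against a config backup exported from the router (`python audit.py config.boot`); on the built-in sample it reports both that the factory `ubnt` account still exists and that its password is stored as md5-crypt. The account check is the one that matters for the thread's point: renaming the admin login, not just changing its password, removes the username half of the default credential pair an attacker would try first.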