Russian Hackers Exploit Compromised Internet Routers, Law Enforcement Warns

Law enforcement authorities have issued a warning about Russian cyber actors using compromised internet routers for their malicious operations.

Russian Hackers Exploit Ubiquiti EdgeRouters

Federal and international law enforcement agencies are alerting the public about Russian cyber actors who are taking advantage of "compromised" internet routers for cyber operations. The FBI and its international partners issued a cyber alert on February 27, stating that Russian state-sponsored hackers have been exploiting Ubiquiti EdgeRouters and using default credentials to gain unauthorized access.

The U.S. Department of Justice, including the FBI, recently disrupted a GRU botnet consisting of these compromised routers, but the alert advises owners of these devices to take remedial actions to ensure ongoing protection and to identify any similar breaches.

Ubiquiti EdgeRouters are widely used by consumers and cyber criminals alike because of their user-friendly, Linux-based operating system. These routers are also often shipped with default credentials and limited firewall protections, making them easy targets for hackers.

Russian Cyber Actors APT28 Target Various Industries and Countries

The Russian cyber actors, collectively known as APT28, have targeted multiple industries including aerospace and defense, education, energy and utilities, governments, hospitality, manufacturing, oil and gas, retail, technology, and transportation, according to officials.

The affected countries include the Czech Republic, Italy, Lithuania, Jordan, Montenegro, Poland, Slovakia, Turkey, Ukraine, United Arab Emirates, and the U.S. The primary group hacking into the routers is believed to be APT28, but there are other Russian groups involved as well.

The alert highlights that APT28 has specifically targeted individuals in Ukraine as part of their strategic operations.

FBI Urges Consumers to Update Ubiquiti EdgeRouters

The FBI is urging consumers to update their Ubiquiti EdgeRouters as soon as they acquire them in order to avoid being compromised. These routers do not automatically update firmware unless configured by the user, leaving them vulnerable to cyber attacks.

With root access to compromised Ubiquiti EdgeRouters, APT28 actors can use the Linux-based operating system to install tools and mask their identities during malicious campaigns. The FBI advises taking precautionary measures to prevent unauthorized access and to ensure the security of these devices.