The US authorities dismantled a botnet that was used for espionage and cyberattacks against American and international targets. The law enforcement operation was carried out in January and included cleaning malware from “more than a thousand” home and office routers.
The cybercriminals' main tool was the Moobot botnet, which made it possible to remotely control infected devices. Cybercriminals initially infected Ubiquiti routers running EdgeOS by using default administrator passwords. The hackers then modified the botnet, adding their own scripts and files for intelligence operations.
The botnet's targets were government and military organizations, as well as information security companies and large corporations. According to the prosecutor’s office, the attackers also used OpenAI models to create phishing emails and malware.
During the operation to take down the botnet, specialists managed to remove malicious files from the infected routers and change the firewall settings to prevent further infection. All actions were carried out with the consent of the device owners.
Recently, it became known that the Chinese espionage group Volt Typhoon penetrated the network of the emergency response services of a large American city in order to explore American telecommunications. Notably, in early February US federal agencies warned that Volt Typhoon had been present in some of the country’s critical infrastructure networks for at least 5 years. The attackers' targets were the communications, energy, transport, and water supply and sewage sectors in the USA and on the island of Guam.