Justice Department Disrupts Russian GRU Cyber Espionage Network Using Compromised Home Office Routers in Global Operation

In a significant move, the U.S. Department of Justice has successfully disrupted a cyber espionage network operated by Russian GRU Military Unit 26165.

This operation, authorized by a court in January 2024, focused on neutralizing a network of hundreds of small office/home office (SOHO) routers that the GRU used to conceal and enable various cybercrimes globally.

Court-Authorized Operation Neutralizes GRU’s Global Cyber Espionage Platform Linked to Compromised SOHO Routers

The Justice Department’s court-authorized operation targeted GRU Military Unit 26165, also known by multiple aliases, dismantling a sophisticated cyber espionage platform.

The GRU, instead of creating the botnet from scratch, leveraged the “Moobot” malware, associated with a known criminal group.

Non-GRU cybercriminals installed Moobot on Ubiquiti Edge OS routers with default passwords, enabling GRU hackers to repurpose the botnet for global cyber espionage activities.

Global Cyber Espionage Network Dismantled: Justice Department Targets GRU’s Use of Compromised Home Routers

The operation utilized the Moobot malware to copy and delete stolen and malicious data from compromised routers, disrupting the GRU’s cyber activities.

The court-authorized steps also temporarily modified the routers’ firewall rules, blocking remote management access to thwart the GRU’s interference attempts.

The Justice Department’s intervention aimed at safeguarding the security of the United States and its allies against Russian cyber threats.

Major Blow to GRU Cyber Operations: U.S. Justice Department Unveils Operation Against Compromised SOHO Routers

Attorney General Merrick B. Garland emphasized the Justice Department’s commitment to accelerating efforts against Russian cyber campaigns.

The operation successfully disabled the GRU’s scheme involving compromised SOHO routers, reinforcing the determination to disrupt and dismantle malicious cyber tools threatening the U.S. and its allies.

U.S. Department of Justice Strikes Against GRU’s Cyber Espionage Infrastructure Through Compromised Routers

Deputy Attorney General Lisa Monaco highlighted the comprehensive approach of leveraging legal authorities against state-sponsored hackers.

The operation, targeting both criminal and state-sponsored actors, showcased the government’s resolve to prevent harm and protect public interests.

FBI Director Christopher Wray condemned Russia’s malicious targeting of the U.S. through cyber campaigns and emphasized the FBI’s commitment to thwarting such criminal behavior.