DOJ disrupts Russian hacking campaign that infiltrated homes, small businesses

The Department of Justice (DOJ) announced Thursday that it successfully disrupted a Russian hacking campaign that infiltrated the routers of homes and small businesses.

The department said it “neutralized a network” of hundreds of small office and home office routers in a court-authorized operation. The operation copied and deleted “stolen and malicious” data and files from routers that were compromised, the DOJ said.

The crimes included “spearphishing” and other “credential harvesting” campaigns against targets of interest to the Russian government, including the U.S. and foreign governments, military and security targets and corporate organizations, according to the announcement. The DOJ noted the GRU, a Russian intelligence agency, relied on malware called “Moobot” to infiltrate the routers.

“Non-GRU cybercriminals installed the Moobot malware on Ubiquiti Edge OS routers that still used publicly known default administrator passwords. GRU hackers then used the Moobot malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber espionage platform,” the press release states.

The DOJ noted allegations of similar activity were the subject of a previous cybersecurity advisory to the private sector and a Ukrainian government warning.


Attorney General Merrick Garland vowed to continue “to disrupt and dismantle the Russian government’s malicious cyber tools that endanger the security of the United States and our allies” in a statement.

“The Justice Department is accelerating our efforts to disrupt the Russian government’s cyber campaigns against the United States and our allies, including Ukraine,” Garland said. “In this case, Russian intelligence services turned to criminal groups to help them target home and office routers, but the Justice Department disabled their scheme.”

FBI Director Christopher Wray said that this “type of criminal behavior is unacceptable,” adding the FBI will not allow any of Russia’s services “to negatively impact the American people and our allies.”

“Russia’s GRU continues to maliciously target the United States through their botnet campaigns,” Wray said. “The FBI utilized its technical capabilities to disrupt Russia’s access to hundreds of routers belonging to individuals in addition to small and home offices.”