February 27, 2024 By Sergiu Gatlan

Russian military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners.
Military Unit 26165 cyberspies, part of Russia's Main Intelligence Directorate of the General Staff (GRU) and tracked as APT28 and Fancy Bear, are using these hijacked and very popular routers to build extensive botnets that help them steal credentials, collect NTLMv2 digests, and proxy malicious traffic.
The compromised routers are also used to host custom tools and phishing landing pages throughout covert cyber operations targeting militaries, governments, and other organizations worldwide.
"EdgeRouters are often shipped with default credentials and limited to no firewall protections to accommodate wireless internet service providers (WISPs)," the joint advisory warns.
"Additionally, EdgeRouters do not automatically update firmware unless a consumer configures them to do so."