this post was submitted on 18 Feb 2024
168 points (95.7% liked)

Technology

DOJ quietly removed Russian malware from routers in US homes and businesses::Feds once again fix up compromised retail routers under court order.

top 10 comments
[–] ShellMonkey@lemmy.socdojo.com 15 points 9 months ago* (last edited 9 months ago) (2 children)

Unless the boxes actually were to get patches, which the article notes are end of life, this is a largely pointless endeavor and the boxes will be reinfected shortly. We really need some kind of comprehensive education and notification system to let these owners know that their systems are vulnerable and have been actively exploited. Maybe take some portion of the military budget to create a fund and help people get new gear while they're at it. A sizable chunk of people just want a box to work, and once it's set up the extent of any maintaining is to unplug it when the WiFi gets funky.

[–] remotelove@lemmy.ca 15 points 9 months ago* (last edited 9 months ago)

It's easier to replace the malware with your own, honestly. (Bots do this all the time, actually.)

"Removed" is such a strong word and likely not used correctly here.

Edit: This isn't a "conspiracy". It's a math game, TBH. And it's exceedingly cheap.

[–] Coreidan@lemmy.world 5 points 9 months ago

Unless the boxes actually were to get patches

Ummm, what?

[–] Oha@lemmy.ohaa.xyz 5 points 9 months ago (1 children)

The internet would be so much better if no one ran EOL devices

[–] femboy_bird@lemmy.blahaj.zone 2 points 9 months ago

The world would be better if computers came by default with a TTY and a manual; this would keep most people who aren't smart enough to know how to be safe online offline, and it would also force our society to be able to function offline

[–] autotldr@lemmings.world 4 points 9 months ago (1 children)

This is the best summary I could come up with:


More than 1,000 Ubiquiti routers in homes and small businesses were infected with malware used by Russian-backed agents to coordinate them into a botnet for crime and spy operations, according to the Justice Department.

That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of "Operation Dying Ember," according to the FBI's director.

Unlike previous attacks by Fancy Bear—that the DOJ ties to GRU Military Unit 26165, which is also known as APT 28, Sofacy Group, and Sednit, among other monikers—the Ubiquiti intrusion relied on a known malware, Moobot.

"For the second time in two months, we've disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised US routers," said Deputy Attorney General Lisa Monaco in a press release.

Christopher A. Wray, director of the FBI, expanded on the Fancy Bear operation and international hacking threats generally at the ongoing Munich Security Conference.

Malware said by the DOJ to be tied to the Chinese government was removed from SOHO routers by the FBI last month in similar fashion to the most recently revealed operation, targeting Cisco and Netgear devices that had mostly reached their end of life and were no longer receiving security patches.


The original article contains 550 words, the summary contains 211 words. Saved 62%. I'm a bot and I'm open source!

[–] HearthCore@infosec.pub 4 points 9 months ago (2 children)

It's hard to take seriously when it's all due to default passwords… 🤦

[–] suzune@ani.social 3 points 9 months ago

I think default passwords are not even enough. There must be some additional fuckup unmentioned. Usually such devices don't expose the management interface publicly, so a password wouldn't be enough.

That's not the fault of the government. The fact that they were able to do this without disruption or people even recognizing is a pretty big win.
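The two comments above come down to one practitioner question: is the router's management plane (SSH, telnet, web UI) reachable from the internet at all? The script below is an added example, not code from the thread or from Ubiquiti; it does a plain TCP connect against a short list of management ports and grabs whatever greeting the service sends, so you can run it from a host outside your own network against your public IP and see what an attacker's scanner would see. The port list and the loopback "fake service" used for self-testing are my assumptions and constructed test fixtures, not anything the article reports.

```python
import socket
import sys
import threading
from concurrent.futures import ThreadPoolExecutor

# Ports a SOHO router's management plane commonly listens on. Assumption:
# this list is illustrative; it is not taken from the article or the thread.
MANAGEMENT_PORTS = {
    22: "ssh",
    23: "telnet",
    80: "http",
    443: "https",
    8080: "http-alt",
    8443: "https-alt",
}


def port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP three-way handshake to host:port completes within timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def exposed_management_ports(host: str, ports=MANAGEMENT_PORTS, timeout: float = 2.0) -> list:
    """Probe each port concurrently and return the sorted list of ports that accept a connection."""
    port_list = list(ports)
    with ThreadPoolExecutor(max_workers=len(port_list)) as pool:
        results = list(pool.map(lambda p: (p, port_open(host, p, timeout)), port_list))
    return sorted(p for p, is_open in results if is_open)


def banner(host: str, port: int, timeout: float = 2.0, nbytes: int = 128) -> str:
    """Grab the first bytes a service sends unprompted (SSH and telnet greet first); '' on failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(nbytes).decode("ascii", "replace").strip()
    except OSError:
        return ""


def start_fake_service(greeting: bytes = b"SSH-2.0-constructed-fixture\r\n") -> int:
    """Constructed test fixture: a loopback listener that greets and hangs up. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(greeting)

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_port() -> int:
    """Reserve-and-release a loopback port so that a probe against it is refused."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Usage: python exposure_check.py <public-ip-or-hostname>   (run from OUTSIDE your LAN)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    found = exposed_management_ports(target)
    if not found:
        print(f"{target}: no management ports reachable")
    for p in found:
        print(f"{target}:{p} ({MANAGEMENT_PORTS.get(p, '?')}) OPEN  banner={banner(target, p)!r}")
```

Run it from a VPS, a phone on mobile data, or any host that is not behind the router; from inside the LAN the result only tells you the LAN side is listening, which is expected. An open 22 or 23 answering with a vendor banner on your WAN address, combined with unchanged factory credentials, is exactly the condition the thread is describing.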

[–] ShellMonkey@lemmy.socdojo.com 4 points 9 months ago

Can't remember the name, but I recall one of what you're talking about: a botnet that actually made it impossible for its competitors to retake the host. In theory the 'good guys' could do that too, but it's still better to just find a way to fix it without leaving anything behind.