The Federal Bureau of Investigation (FBI) and international partners have disrupted a botnet (network of hacked routers) operated by the Russian intelligence service (GRU). In Belgium, the FBI called on the expertise of the Centre for Cybersecurity Belgium (CCB).   Cyberattacks do not stop at borders and cybersecurity needs to be addressed internationally. This example, where the FBI was able to draw on the expertise of many different countries, shows that cooperation pays off.

 

In recent months and years, Russian state-sponsored cyberactors such as APT28, Fancy Bear and Forest Blizzard (Strontium) have eagerly used hacked Ubiquiti EdgeRouters.  They used this particular botnet to launch malicious attacks around the world. The US Department of Justice, including the FBI, and international partners recently dismantled a botnet consisting of such routers. They are now issuing an advisory to owners of such routers. They should take urgent security measures to ensure that the routers are no longer vulnerable and can be used by malicious actors.

 

The CCB has taken an active role in identifying such routers in Belgium and dismantling the botnet.  The owners of such routers in Belgium have been personally informed by the CCB about the vulnerabilities and the actions to be taken.