FBI Director Chris Wray disclosed the disruption campaign, dubbed “Operation Dying Ember,” during a keynote address delivered Thursday at the Munich Security Conference.
“We ran a court-authorized technical operation to kick the Russian GRU off well over a thousand home and small business routers, and lock the door behind them,” Wray said, according to a copy of his prepared remarks, “killing GRU’s access to a botnet it was piggybacking to run cyber operations around the world, including America and its allies in Europe.”
The operation was carried out in January and shut down routers “used to conceal and otherwise enable a variety of crimes,” including “vast spearphishing” campaigns to hack and harvest credentials and private information, the FBI said.
The hackers specifically targeted routers manufactured by a US-based company, Ubiquiti Inc., by infecting them with malware called “Moobot” that would give them access and control of the computers, the FBI said.
The compromised routers belonged to unsuspecting victims “in almost every state,” including New England, according to the FBI and court documents.
“Malicious data” was deleted from the routers and the victims were given back “full control of their networks,” the FBI said.
“Operation Dying Ember was an international effort led by FBI Boston to remediate over a thousand compromised routers belonging to unsuspecting victims here in the United States, and around the world that were targeted by malicious, nation state actors in Russia to facilitate their strategic intelligence collection,” Jodi Cohen, special agent in charge of the FBI Boston Field Office, said in statement. “The FBI’s strong partnerships with the private sector were critical to identifying and addressing this threat which targeted our national security interests here and abroad. This operation should make it crystal clear to our adversaries that we will not allow anyone to exploit our technology and networks.”
Tonya Alanez can be reached at [email protected]. Follow her @talanez.
var oneTrustActive = true;
var oneTrustConsentObj;
try {
oneTrustConsentObj = JSON.parse(window.localStorage.getItem(‘consent_one_trust_bgmp’) || ‘{}’);
} catch (err) {
oneTrustConsentObj = {};
}
// Default to granted consent
var consent=”grant”
// FB script decleration
!function(f,b,e,v,n,t,s) {
if(f.fbq)return;n=f.fbq=function(){n.callMethod?n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s);
}
(window,document,’script’, ‘https://connect.facebook.net/en_US/fbevents.js’);
if (oneTrustActive && oneTrustConsentObj && oneTrustConsentObj.C0004 === false) {
consent=”revoke”;
}
// We need to call consent before we run init and track
fbq(‘consent’, consent);
fbq(‘set’, ‘autoConfig’, ‘false’, ‘884869448226452’);
fbq(‘set’, ‘autoConfig’, ‘false’, ‘493062270895851’);
fbq(‘init’, ‘884869448226452’);
fbq(‘track’, ‘PageView’);
——————————————————–