U.S. Wages Cyber War on Russian Military Botnet


The United States and its allies have struck a significant blow against a Russian military botnet whose targets included numerous government and military entities and corporations.

A January 2024 court-authorized operation effectively neutralized a network of hundreds of small office/home office (SOHO) routers that the Armed Forces of the Russian Federation (GRU) Military Unit 26165 used to conceal and enable a variety of cybercrimes, according to a U.S. Department of Justice Office of Public Affairs news release. The GRU unit is also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit.

The GRU’s cybercrimes included vast spearphishing and similar credential harvesting campaigns against targets of interest to the Russian government, the Justice Department said.

Federal Bureau of Investigation (FBI) Director Christopher Wray spoke at the Munich Security Conference this week, where he announced the impact of Operation Dying Ember on the Russian cyber operation.

“Operation Dying Ember, where working with our U.S. — and, again, worldwide law enforcement partners — we ran a court-authorized technical operation to kick the Russian GRU off well over a thousand home and small business routers and lock the door behind them, killing the GRU’s access to a botnet it was piggybacking to run cyber operations against countries around the world, including America and its allies in Europe,” Wray said.

He continued, “With these operations, and many more like them, we’ve set our sights on all the elements that we know from experience make criminal organizations tick: their people — a term we define broadly to include not just ransomware administrators and affiliates, but their facilitators, like bulletproof hosters and money launderers; their infrastructure; their servers, botnets, etc.; and their money, the cryptocurrency wallets they use to stash their ill-gotten gains, hire associates and lease infrastructure.

“Because we don’t just want to hit them — we want to hit them everywhere it hurts, and put them down, hard.”

Cyber Experts Weigh In

Tom Kellermann, senior vice president of Cyber Strategy at Contrast Security, who partners with MSSPs,…
