Russian Hackers Target Ubiquiti Routers

Cyber Security News | Security Alert



March 6, 2024

Joint Warning Issued on Russian Cyber Actors Exploiting Ubiquiti EdgeRouters

In a combined effort, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), US Cyber Command, and their international partners have issued a Cybersecurity Advisory (CSA) warning that Russian state-sponsored cyber actors, specifically APT28 (also known as Fancy Bear, Forest Blizzard, and Strontium), are actively exploiting critical vulnerabilities in Ubiquiti EdgeRouters. These compromised routers have been used globally to:

Steal credentials: APT28 gains access to sensitive login information.
Proxy network traffic: They can mask their online activities by redirecting internet traffic through the compromised routers.
Host malicious content: Fake websites and custom exploitation tools are deployed to further their attacks.
Gain Unfettered Access: Once compromised, the routers can provide APT28 with complete control over Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns. This allows them to:
- Install additional malicious tools: They equip the compromised routers with additional malware for further exploitation.
- Hide their activities: By manipulating the system, they can make it harder to detect their presence.

Although a recent joint operation by the US DOJ, FBI, and international partners disrupted a network of compromised routers controlled by APT28, the threat remains.

Targeted Industries: Organizations across various sectors have been targeted, including:

Aerospace & Defense
Education
Energy & Utilities
Governments and Militaries
Hospitality
Manufacturing
Oil & Gas
Retail
Technology
Healthcare
Transportation

Call to Action: Large enterprises defend themselves against these attacks by leveraging advanced solutions that continuously monitor both on-premise and cloud environments, gathering and analyzing data in real-time with integrated threat intelligence for a powerful defense. Although effective, these advanced solutions often are not available to mid-market enterprises because of high costs.

We have created CloudJacketXi, a unified cybersecurity solution with the same advanced security features used by Fortune 500 companies, but affordable for everyone. CloudJacketXi shields businesses of all sizes from the aftermath of attacks highlighted in this Security Alert. Act now to safeguard your organization. Go to https://www.secnap.com/cloudjacket-xi/.

The CSA Advisory is located here: https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF

Ensure your organization has robust cybersecurity protection that quickly identifies and contains potential breaches.

Name(Required)

First Last

Phone(Required)

Email(Required)

Company(Required)

Job Title(Required)

I want to learn more about SECNAP's solutions.

Please contact me.

Stay up-to-date with the latest news and trends in cyber security. Follow SECNAP Network Security’s social media channels and get valuable insights, tips, and information to help protect your organization from online threats:

- LinkedIn
- Facebook
- Instagram
- Twitter

← Prev Post Next Post →

Cyber Threats from China are Escalating – Serious US Risk

Cyber Security News, News

Chinese cyber threats are escalating, posing serious risks to critical American infrastructure and...

CTS Breached – UK Law Firms Customer Information Exposed

Cyber Security News, News

Many UK law firms were affected by a breach on IT provider CTS. For Law Firms, the costs of a data...

Cyber Security News | Security Alert

More Related Posts

Cyber Threats from China are Escalating – Serious US Risk

CTS Breached – UK Law Firms Customer Information Exposed