"Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals"

Trend Micro reports that the botnet of hijacked Ubiquiti routers used by the Russia-linked APT28 group for global espionage operations includes devices other than Ubiquiti EdgeOS routers. APT28, also known as "Forest Blizzard" and "Pawn Storm," is a cyber espionage group linked to Russia's Main Intelligence Directorate of the General Staff (GRU). The group used the network of Small Office/Home Office (SOHO) Ubiquiti EdgeOS routers for years before the network was dismantled in January 2024. At the time, the Federal Bureau of Investigation (FBI) said it had copied and erased stolen and malicious data from the ensnared devices and modified firewall rules to block APT28's bot access without affecting router operation. According to Trend Micro, the cleanup operation failed to fully cut the Russian hackers' access to the infected devices because the botnet included more than just Ubiquiti routers, as well as malware that went undetected. This article discusses the continued use of the disrupted botnet.

SecurityWeek reports "Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals" 

Submitted by grigby1
