"Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations"

The National Security Agency (NSA), together with the Federal Bureau of Investigation (FBI) and other co-sealers, has released a Cybersecurity Advisory (CSA) titled "Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations," detailing observed activities, mitigation recommendations, and more. The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, also known as APT28, Fancy Bear, and Forest Blizzard, has exploited compromised Ubiquiti EdgeRouters to steal credentials, collect digests, proxy network traffic, and host spearphishing landing pages. Victims include academic and research institutions, embassies, defense contractors, and political parties. This article continues to discuss the CSA on Russian cyber actors' use of compromised routers.

NSA reports "Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations"

Submitted by grigby1

Submitted by grigby1 CPVI on