Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
Essential information
- Published: 07/08/2024 16:16
- Modified: 07/08/2024 16:41
- Tags: 2024-08-07, botnet, cybercrime, espionage, ngioweb, proxy, routers, sshdoor
- Related entities: 64 observables, 1 intrusion set (apt), 15 techniques (mitre), 2 malware
Description
Trend Micro highlights the dangers of internet-facing routers and elaborates on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024. Cybercriminals and nation-state actors share an interest in compromised routers used as an anonymization layer: cybercriminals rent out compromised routers, while nation-state threat actors like Pawn Storm and Sandworm use dedicated proxy botnets. The analysis focuses on a criminal botnet of Ubiquiti EdgeRouters that Pawn Storm accessed in April 2022 for persistent espionage campaigns and that the FBI disrupted in January 2024.