#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

MooBot | Breaking Cybersecurity News | The Hacker News

Category — MooBot
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat

Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat

Feb 28, 2024 Firmware Security / Vulnerability
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was  felled by law enforcement  as part of an operation codenamed Dying Ember. The botnet, named MooBot, is said to have been used by a Russia-linked threat actor known as APT28 to facilitate covert cyber operations and drop custom malware for follow-on exploitation. APT28, affiliated with Russia's Main Directorate of the General Staff (GRU), is known to be active since at least 2007. APT28 actors have "used compromised EdgeRouters globally to harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spear-phishing landing pages and custom tools," the authorities  said  [PDF]. The adversary's use of EdgeRouters dates back to 2022, with the attacks targeting aerospace and defense, education, energy and utilities, governments, hospit...
U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage

U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage

Feb 16, 2024 Botnet / Network Security
The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations," the U.S. Department of Justice (DoJ)  said  in a statement. APT28 , also tracked under the monikers BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy, and TA422, is  assessed  to be linked to Unit 26165 of Russia's Main Directorate of the General Staff (GRU). It's known to be active since at least 2007. Court documents allege that the attackers pulled off their cyber espionage campaigns by relying on  MooBot , a...
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Jan 09, 2025AI Security / SaaS Security
As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI.  Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a customer support person using Agentic AI to automate tasks – without going through the proper channels. When these tools are used without IT or the Security team's knowledge, they often lack sufficient security controls, putting company data at risk. Shadow AI Detection Challenges Because shadow AI tools often embed themselves in approved business applications via AI assistants, copilots, and agents they are even more tricky to discover than traditional shadow IT. While traditional shadow apps can be identified through network monitoring methodologies that scan for unauthorized connections based on...
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities

Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities

Sep 07, 2022
A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks," Palo Alto Networks Unit 42  said  in a Tuesday report. MooBot, first disclosed by Qihoo 360's Netlab team in September 2019, has previously targeted  LILIN digital video recorders  and  Hikvision video surveillance products  to expand its network. In the latest wave of attacks discovered by Unit 42 in early August 2022, as many as four different flaws in D-Link devices, both old and new, have paved the way for the deployment of MooBot samples. These include - CVE-2015-2051  (CVSS score: 10.0) - D-Link HNAP SOAPAction Header Command Execution Vulnerability CVE-2018-6530  (CVSS score: 9.8) -...
cyber security

Secure Your Azure: Proactive Tips for Cloud Protection

websiteWizCloud Security
Discover how to boost your Azure cloud security with practical steps to help you maintain control and visibility.
Expert Insights / Articles Videos
Cybersecurity Resources