
The federal government is warning those using home and small office routers that Russian state-owned hackers continue to compromise them en masse to cover up nefarious actions against sensitive organizations in the public and private sectors.
Also Russian and chinese Governments have been compromising routers for years, sometimes protracted disputes Another already ordered to take control of the devices. The US government provides information from time to time hidden commands and took other steps to disinfect routers. So are Google and other companies worked for to break massive botnets running locked routers. What has been done so far is that operators are doing little more than simply replacing their botnets with new ones.
Proxy networks: the main tool
“Cyber actors of Russia’s Federal Security Service (FSB) 16 continue to exploit poorly configured and vulnerable network devices around the world, opportunistically breaching many critical infrastructure sector networks,” the Cybersecurity and Infrastructure Security Agency said. he said on monday. Hacker groups go by various names such as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard and Static Tundra. The advice was jointly issued by governments around the world, including Australia, Denmark, New Zealand and the UK.
The primary means of compromise the agency warned about was hackers scanning IP ranges with active Simple Network Management Protocol (SNMP) agents that accept generic or default authentication credentials. These scans are run by many types of router botnets where actors try to log into the targeted device. By sending malicious traffic from spoofed addresses, hackers can use the SNMP agent on poorly configured routers to launch malware. SNMP allows collect and organize information about user-managed network devices or modify this information to change device behavior.





