Ubiquiti EdgeRouter Hacks May Be Ubiquitous
That Free Patch The FBI Applied Last Week Might Not Be Enough
The FBI sought and received court approval to silently push out an update to Ubiquiti SOHO routers last week, which you may or may not be aware of. They added firewall rules to prevent the hijacking of these routers by Russian hacking group APT28, which has been disturbingly effective at doing so. Once the group has access to a router, it leaves your traffic alone to help hide its activity and instead uses the router to launch attacks. Since these SOHO routers are unlikely to be on a blacklist, and because of the huge number of them running, the sites attacked from these routers won’t just immediately block the traffic.
The new firewall settings the FBI added to these routers should prevent new infections from spreading, but they don’t resolve the root cause. Anyone running a Ubiquiti router is strongly urged to take several steps. It would be a very good idea to factory reset the router, then upgrade to the newest firmware, and finally do what you should have done in the first place: get rid of any default passwords and usernames!
Once you’ve done that, you might want to look at strengthening your firewall rules, as the attacks will evolve and continue.
Earlier this month, the FBI revealed that it had quietly removed Russian malware from routers in US homes and businesses. The operation, which received prior court authorization, went on to add firewall rules that would prevent APT28 -- also tracked under names including Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit -- from being able to regain control of the devices.
More Tech News From Around The Web
- Samsung HBM3E 12H 36GB In Production Q2 2024 @ ServeTheHome
- Japan warns of malicious PyPi packages created by North Korean hackers @ Bleeping Computer
- Epic Games: “Zero evidence” we were hacked by Mogilevich gang @ Bleeping Computer
- Savvy Seahorse gang uses DNS CNAME records to power investor scams @ Bleeping Computer
- Mamas, don’t let your babies grow up to be coders, Jensen Huang warns @ The Register
- What is GitHub Copilot Enterprise? You and your org just might find out firsthand @ The Register
- OpenAI accuses NYT of hacking ChatGPT to set up copyright suit @ Ars Technica
- Meta Wants Llama 3 To Handle Contentious Questions as Google Grapples With Gemini Backlash @ Slashdot
- Air Canada’s Chatbot: Why RAG Is Better Than An LLM For Facts @ Hackaday
‘Edge’ is the more infrastructure side of Ubiquiti, which is probably why the FBI is involved. It’s not really SOHO gear unless you count enthusiasts using it for their home network.