Intel agencies issue guidance to protect against Russian botnet

U.S. and international authorities on Tuesday urged owners of routers used in a Russian botnet operation to ensure the devices cannot still be exploited by malicious actors.

The additional warning came a week after a coordinated international action by the FBI and others disrupted a Russian GRU-led hacking campaign that infiltrated more than a thousand home and small business routers that were used to carry out cyber espionage around the globe.

Dubbed Operation Dying Ember, it was first announced by FBI Director Christopher Wray in remarks at the Munich Security Conference.

LISTEN: FBI Director Chris Wray sat down for a rare interview with the Click Here podcast to talk about Operation Dying Ember.

It marked the latest effort by U.S. law enforcement, led by the bureau and the Justice Department, to combat digital criminal groups — including a similar action earlier this month that knocked off Chinese government-sponsored hackers from hundreds of home and small business routers that were allegedly used to target American infrastructure networks.

"With these operations, and many more like them, we've set our sights on all the elements that we know from experience make criminal organizations tick," Wray said in Munich. "Because we don't just want to hit them: we want to hit them everywhere it hurts and put them down hard."

Despite last week’s apparent success against the so-called “Moobot” botnet that infected routers, “owners of relevant devices should” take steps to “ensure the long-term success of the disruption effort and to identify and remediate any similar compromises,” authorities cautioned.

In particular, they recommended owners conduct a hardware reset to “flush file systems of malicious” content; upgrade to the latest firmware; change default usernames and passwords; and enact firewall protections in order to “prevent the unwanted exposure of remote management services.”