Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
Aug. 7, 2024, 4:41 p.m.
Description
Trend Micro highlights the dangers of internet-facing routers and elaborates on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory of February 27, 2024. Cybercriminals and nation-state actors share an interest in compromised routers as an anonymization layer: cybercriminals rent out compromised routers, while nation-state threat actors such as Pawn Storm and Sandworm run dedicated proxy botnets. The analysis focuses on a criminal botnet of Ubiquiti EdgeRouters, disrupted by the FBI in January 2024, which Pawn Storm had been accessing since April 2022 for persistent espionage campaigns.
Date
Published: Aug. 7, 2024, 4:16 p.m.
Created: Aug. 7, 2024, 4:16 p.m.
Modified: Aug. 7, 2024, 4:41 p.m.
Indicators
Attack Patterns
Ngioweb
SSHDoor
Pawn Storm
T1609
T1568
T1211
T1588
T1556
T1091
T1583
T1567
T1189
T1598
T1071
T1219
T1592
T1190
T1090