Get the latest tech news

Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)

A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, used to conceal and otherwise enable a variety of crimes. These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations. In recent months, allegations of Unit 26165 activity of this type has been the subject of a private sector cybersecurity advisory and a Ukrainian government warning.

A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, used to conceal and otherwise enable a variety of crimes. “Notably, this represents the third time since Russia’s unjustified invasion of Ukraine that the Department has stripped the Russian intelligence services of a key tool used to further the Kremlin’s acts of aggression and other malicious activities. The Criminal Division’s Computer Crime and Intellectual Property Section and Office of International Affairs, Shadowserver Foundation, Microsoft Threat Intelligence, and other partners provided valuable assistance.

Get the Android app