The FBI has added Russian hackers to its list of things to avoid. The agency warns that hackers not only use compromised routers but also move things between computers. Some manufacturers and companies mentioned that hackers illegally utilized their individual and business routers for cybercrimes against the US government.

In a joint statement with the National Security Agency (NSA), US Cyber Command, and the Intelligence Services of 10 other countries, the FBI stated that the aim was to gain access to government networks.

During its announcement, the FBI said that router users are the hackers’ targets. This includes the Ubiquiti Edge Routers, which the FBI stated come from the factory with their security settings turned off.

Hence, they are highly prone to cyber-attacks. They are common for home and office use because of their affordable price—$59 for the company’s cheapest model. “Ubiquiti EdgeRouters have a user-friendly, Linux-based operating system,” the FBI wrote in the joint statement. “That makes them popular for both consumers and malicious cyber actors.”

The FBI suspects an agency, GRU Military Unit 26165 – also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit. It is worth noting that if EdgeRouter is compromised, the appearance of a routine reboot does not exclude the presence of malware or the operation of foreign powers in this equipment.

The agency also recommends that users install the latest stable version. Afterward, users should modify any default credentials and/or access details to secure their accounts. Lastly, they should install tactical firewall policies on the WAN-side subsystems to eliminate any probability that remote management services are unintentionally exposed.

The FBI noted, “Furthermore, every network manager, whether corporate or household, should keep their software, operating systems, and firmware updated.” The agency highlights in the joint statement that Ubiquiti EdgeRouters have a user-friendly Linux-based operating system, making them preferable for consumers and malicious hackers.

Generally, people ship EdgeRouters with default credentials and without firewall protections so that wireless internet service providers (WISPs) can successfully use them. Moreover, EdgeRouters do not update firmware automatically unless you configure them to do so.

These routers were secretly included in the botnet, which was used for spearphishing cybercrimes whose victims didn’t even know that they were accomplices.

These specific attacks aim to steal login credentials, which commonly come from government employees, to gain access to secure data. In a spearphishing attack, a targeted individual is a specific person.

The victim may receive a legitimate-looking email from a commonly used website. Spearphishing emails may ask them to update their Amazon password or change their Netflix payment method, for example. But when they click the link, it redirects them to a fake website that looks just like the real thing.

The agency also notes that the link might redirect the victim to the actual website after they enter their username and password. However, the hacker already has their details. The FBI asserts that the Russian Federation’s Main Intelligence Directorate General Staff controls the botnet hosting these spearphishing landing sites.

The FBI advises network owners to ensure that their operating systems, software, and firmware are up to date. “One of the best practices an organization can take toward having less vulnerability to cybersecurity threats is timely patching,” the agency said.

In mid-February, the FBI announced that it had thwarted a Russian botnet Controlled by GRU. Employing hundreds of such routers, GRU Military Unit 26165 was responsible for covering up and leading various cybercrimes.

“The crimes included widespread spearphishing,” the FBI claimed at the time. “And similar credential harvesting campaigns against intelligence interests of the Russian government.” The agency added, “This also includes the US and foreign governments and military, security, and corporate organizations.”