Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns

The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they’ve been hacked and are being used to conceal ongoing malicious operations by Russian state hackers.

The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses.

“In summary, with root access to compromised Ubiquiti EdgeRouters, APT28 actors have unfettered access to Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns,” FBI officials wrote in an advisory Tuesday.