The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks.
This article gives no details, but here’s a relevant bit from another article:
[…]
And here is the press release:
https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
Based on this article it sounds like as long as you don’t have open ports for remote administration open and/or if you’ve changed the default admin password you SHOULD be ok? I’m curious to see what recommendations Ubiquiti has regarding this.
That’s what the released information information suggests, yes. (Edit: Assuming you took those precautions before the original attack, of course.)
Thank you. I’ve updated the post to your link.
Makes me glad I replaced the firmware on my Unifi devices with OpenWrt
OpenWrt has an admin password and UI as well. I hope you changed the former and blocked the latter on external ports, before connecting it to the internet.
Indeed. Pretty sure the latter is blocked by default.
Yes of course I changed the root password, I think it would actually be quite difficult not to do that on OpenWrt as it warns you if the password isn’t set.
Was the exploit not related to unifi’s remote / cloud administration features? That’s how I read it, unless they mean remote admin that was installed by the malware.
The articles refer to EdgeOS, not UniFi, which is a separate thing.
UniFi and Edge are different product lines. UniFi uses a controller (local or cloud-based) and edge products are the more traditional interface on the device itself.
The article clearly states that edgerouter is the affected product, which means the default password and remote admin interface were the attack vectors.
Thanks, I find the names of Ubiquiti’s product lines pretty confusing particularly as they are often used together.
I have an Edgerouter X, an Edgerouter PoE-5, two UAP-AC-LR (“Ubiquiti UniFi-AC-LR”) access points, and one UAP-AC-MESH (“Ubiquiti UniFi-AC-MESH”) access point.
The access points came with UniFi firmware, whereas the routers were running EdgeOS. I’m no longer using the PoE-5 and I’ve replaced the firmware on all of the other devices with OpenWrt.