Anonymous Intelligence Signal

DOJ, FBI Disrupt Russian GRU Unit's Botnet Targeting US Military, Government, Critical Infrastructure

human | The Network | unverified | 2026-04-08 23:27:00 | Source: ZeroHedge

The US Justice Department and FBI have executed a court-authorized technical operation to dismantle a segment of a botnet built from compromised American routers, a network directly controlled by a notorious Russian military intelligence unit. This action neutralized a key tool used for global DNS hijacking operations, a sophisticated cyber-espionage technique designed to steal sensitive data. The operation directly counters an active campaign by Russia's Main Intelligence Directorate (GRU), specifically Unit 26165, which had commandeered small office and home office routers across the United States.

The threat actor, known by aliases including APT28, Fancy Bear, and Forest Blizzard, used the hijacked routers to target individual US military personnel, government entities, and critical infrastructure sectors. The goal, as stated by officials, was intelligence collection for the Russian government. The operation represents a significant, proactive counter-cyber measure by US authorities, moving beyond mere attribution to actively disrupting the adversary's infrastructure on domestic soil.

This public disclosure signals heightened scrutiny and a more assertive US posture against state-sponsored cyber operations embedded within civilian infrastructure. It highlights the ongoing risk to national security from foreign actors exploiting common network devices. The takedown pressures the GRU unit's operations and serves as a public warning, demonstrating the US government's capability and willingness to directly intervene against such threats, even as the broader campaign of cyber espionage is likely to continue.