A campaign by Russian military intelligence to convert Ubiquiti routers into a platform for a global cyberespionage operation began as early as 2022, U.S. and foreign intelligence agencies said.

The U.S. federal government earlier this month disrupted a botnet built from hundreds of Ubiquiti routers by a hacking unit of Russian military’s Main Intelligence Directorate, known as the GRU. The Moscow threat actor, known as APT28, Fancy Bear and Forest Blizzard or Strontium, used infected routers located in the United States as proxies for hacking operations (see: US Disrupts Russian Military Intelligence Botnet).