Trend Micro researchers reported that the Moobot botnet, used by the APT28 group, is active and also utilized by cybercriminal organizations. The botnet includes Ubiquiti EdgeRouters and virtual private servers, with the threat actors using it for various malicious activities such as SSH brute forcing, pharmaceutical spam, NTLMv2 hash relay attacks, credential phishing, and more. ```
https://securityaffairs.com/162706/apt/moobot-botnet-is-still-active.html