The GRU-attributed attacks included the installation of malware on Ubiquiti Edge OS routers, which was enabled by the use of “publicly known default administrator passwords,” the agency said.