Hackers Tied to Russia Infected Innumerable Routers: FBI
The Federal Bureau of Investigation issued a critical alert urging users to immediately switch off their Internet routers and then turn them on again.
The New York Times (NYT) reports that advanced malicious software connected with Russia has by now infected numerous routers. The software halts web traffic to gather information passing through routers in offices and homes, and also disables the devices completely.
The malicious software, dubbed VPNFilter, has affected no fewer than 500,000 routers across 54 nations, a cyber-security team from the security company Cisco said on May 23. The malware reportedly attacks consumer-level small-office and home routers; it keeps watch over local traffic and erases all data inside the routers, destroying them and blocking end users' access to the Internet. Routers from the manufacturers TP-Link, Netgear, Linksys, and MikroTik are reported to be among those that could be impaired by the malware. However, the FBI again recommends restarting routers of the type described, as reported in a post dated May 26, 2018 on fortune.com.
Having obtained a court's approval, the FBI can now seize a website that could have been used to issue commands to the compromised routers. Although that would curtail the malicious communications, it would still leave the routers infected, and the alert was meant to get those devices cleaned up, Reuters elaborates. The court's approval, according to the Department of Justice, was obtained after it stated that the hackers belonged to the Sofacy group, also known by names such as Fancy Bear and APT28, which is believed to work under the direction of Russia's military intelligence agency. The group had broken into the Democratic National Committee just prior to the 2016 United States presidential election, NYT notes.
Worryingly, even after a router is restarted, it can again be infected with VPNFilter's first-stage payload.
Among the FBI's various recommendations to owners of consumer-level routers, the key ones were restarting the devices, updating them, changing default passwords, and disabling remote administration, which together required no more than 15 minutes. However, performing a factory reset of the affected devices would completely eliminate the malware, as per Cisco's advisory dated May 23.
» SPAMfighter News - 01-06-2018