FBI Warns Small & Home Office Owners of Possible Malware
Jun 01 2018
The FBI is warning people to reboot their small office and home office routers. A router directs traffic on the internet by forwarding data packets between computer networks. The group blamed for the malware, also known as A.P.T. 28 and the Sofacy Group, is believed to be directed by Russia's military intelligence agency.
The F.B.I. and cybersecurity researchers are calling the malware VPNFilter. (Note: a full reinfection is still possible, but criminals would have to expend significant effort to reinfect a device successfully, and may be more likely to move on to other attacks.)
The IT security experts at Cisco, who apparently detected the malware in the first place, also recommend that users reset the devices to factory settings to ensure that no trace of the malware remains.
An analysis by Talos, the threat intelligence division of the tech giant Cisco, estimated that at least 500,000 routers in at least 54 countries had been infected by the malware, which the Federal Bureau of Investigation and cybersecurity researchers are calling VPNFilter. The announcement from the F.B.I. did not provide any details about where the criminals might be based, and their motivations remain unknown. Part of their campaign included a highly sophisticated and advanced form of malware known as VPNFilter.
Last week, security researchers at Cisco's cyberintelligence unit Talos warned of the attack: malicious software, dubbed VPNFilter, had infected an estimated 500,000 consumer routers in 54 countries and was targeting routers from Linksys, MikroTik, Netgear and TP-Link, and possibly others.
After a reboot, the malware is designed to go back online and reload the applets.
"In particular, the code of this malware overlaps with versions of the BlackEnergy malware, which was responsible for multiple large-scale attacks that targeted devices in Ukraine", Talos said in a post on its website.
The U.S. government says it has seized a critical web domain, called toknowall.com, which the Russian hackers were using to disseminate the malware. Turning the router on and off temporarily disrupts the malware and erases parts of it, though the router can be reinfected.
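Because a reboot only disrupts the malware and the device can be reinfected, a defender wants a way to notice routers that are still reaching out after the reboot-and-reset advice has been followed. The script below is an added example, not code from the article, the FBI or Cisco Talos: it scans DNS query logs for lookups of the one domain the article names as seized (toknowall.com) and reports the source addresses that queried it. The log format (a dnsmasq-style "query[A] name from ip" line), the sample lines and the addresses in them are all constructed assumptions; in a real deployment the watched-domain set would be populated from the operator's own indicator list.

```python
import re

# The only indicator named in the article: the seized distribution domain.
# Any further indicators would come from the operator's own IoC list (assumption).
WATCHED_DOMAINS = {"toknowall.com"}

# Constructed sample log lines in a dnsmasq-like "query[TYPE] name from ip" format (assumption).
SAMPLE_LOG = """\
May 23 10:01:02 router dnsmasq[1234]: query[A] www.example.com from 192.168.1.20
May 23 10:01:05 router dnsmasq[1234]: query[A] toknowall.com from 192.168.1.1
May 23 10:02:11 router dnsmasq[1234]: query[A] update.toknowall.com from 192.168.1.1
May 23 10:03:30 router dnsmasq[1234]: query[A] nottoknowall.com from 192.168.1.42
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>\S+)")


def matches_watched(name, watched=WATCHED_DOMAINS):
    """True if name is a watched domain or a subdomain of one.

    The label boundary check ("." + domain) avoids a false hit on
    look-alike names such as nottoknowall.com.
    """
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in watched)


def find_lookups(lines, watched=WATCHED_DOMAINS):
    """Return (source_ip, queried_name) for every query that touches a watched domain."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a query line; skip replies, startup messages, etc.
        if matches_watched(m.group("name"), watched):
            hits.append((m.group("src"), m.group("name")))
    return hits


def suspect_hosts(lines, watched=WATCHED_DOMAINS):
    """Sorted, de-duplicated list of hosts that should be rebooted, reset and examined."""
    return sorted({src for src, _ in find_lookups(lines, watched)})


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for src, name in find_lookups(lines):
        print(f"{src} looked up {name}")
    print("hosts to reboot, reset and investigate:", suspect_hosts(lines))
```

On the constructed sample the router at 192.168.1.1 is flagged twice and the look-alike domain from 192.168.1.42 is ignored. A query for the seized domain after the device has already been rebooted is exactly the kind of signal that distinguishes a clean device from one that was reinfected.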