The U.S. Federal Bureau of Investigation and the Justice Department announced that “any owner of small office and home office routers” should reboot their devices, which will hopefully reduce their exposure to a widespread malware attack linked to Russian government actors. The FBI has reportedly seized a server used to escalate the infection, making a reboot an effective way to remove the malware.
In a statement on Friday, the U.S. Federal Bureau of Investigation (FBI) suggested that any owner of small office and home office routers should restart their devices to remove the malware.
This is because researchers recently discovered new malware dubbed ‘VPNFilter’, deployed by Russian hackers, which left thousands of routers infected.
Before getting to the whole story, let us talk about VPNFilter first.
What is VPNFilter?
VPNFilter is a new piece of malware that is capable of infecting devices and making them unusable. It targets a number of routers and network-attached storage (NAS) devices.
Unlike other malware, VPNFilter persists even after a reboot. It can perform various hacks and tricks despite being found. It was deployed by actors with the motive of intercepting Modbus SCADA communications and taking control of SCADA industrial systems. It is also capable of monitoring local traffic, and can destroy and wipe the routers, cutting users off from the Internet.
According to the Cisco Talos cyber security team, more than 500,000 routers in over 54 countries were affected.
The infected devices are routers from Linksys, MikroTik, Netgear, and TP-Link, as well as QNAP network-attached storage (NAS) devices, including:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
What Actions Are the Justice Department and FBI Taking?
As part of malware protection, the U.S. Justice Department and the FBI, in an effort to disrupt the malware's effect, announced some precautionary and preventive measures for users. According to the FBI, the group of actors known as ‘Sofacy’ is behind this malware; the group has been active since 2007 and targets government, military, and security organizations, as well as other targets of perceived intelligence value.
What Do the Justice Department and FBI Have To Say?
In a statement, Assistant Attorney General Demers said,
“The Department of Justice is committed to disrupting, not just watching, national security cyber threats using every tool at our disposal, and today’s effort is another example of our commitment to do that”.
He also added, “This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities”.
On the same matter, FBI Assistant Director Scott Smith said,
“Today’s announcement highlights the FBI’s ability to take swift action in the fight against cybercrime and our commitment to protecting the American people and their devices. By seizing a domain used by malicious cyber actors in their botnet campaign, the FBI has taken a critical step in minimizing the impact of the malware attack. While this is an important first step, the FBI’s work is not done. The FBI, along with our domestic and international partners, will continue our efforts to identify and expose those responsible for this wave of malware.”
Looks like the FBI is back in action this time!