Washington, D.C., USA: The Federal Bureau of Investigation (FBI) today warned of a massive Russia-linked hacking campaign targeting home devices, saying that “foreign cyber actors target home and office routers and networked devices worldwide.”
“The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide. The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.”
The size and scope of the infrastructure impacted by VPNFilter malware is significant. The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown.
The FBI warned that VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.
“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware,” the bureau’s cyber division wrote in a public alert.
Cybersecurity experts and officials say VPNFilter has infected an estimated 500,000 devices worldwide.
Earlier this week, the Department of Justice (DOJ) announced the bureau was working to disrupt the malware, which officials have linked to the cyber espionage group known as APT 28 or Sofacy. Some cybersecurity firms have already determined this hacking group is being sponsored by the Russian government.
Experts at Cisco’s threat intelligence arm Talos on Wednesday first called attention to VPNFilter, warning that hackers are ramping up malware attacks against Ukraine, infecting thousands of devices ahead of an upcoming national holiday in the country.
“While this isn’t definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control infrastructure dedicated to that country,” Talos wrote.
“Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries.”
The firm warned that VPNFilter could wreak havoc in a number of ways, from stealing website credentials to causing widespread internet disruption.
“The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.”