On Friday, the FBI warned that Russian computer hackers had compromised hundreds of thousands of home and office routers in an attempt to collect users’ information by hijacking the devices and even shut down network traffic.
The warning followed a court order on Wednesday allowing the FBI to seize a website that the hackers planned to use to deliver instructions to the routers. “Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide,” the FBI said.
\Infections were detected in as many as 50 nations with the primary target being Ukraine, a country that has long been the unfortunate recipient of several cyberattacks.
“The size and scope of the infrastructure impacted by VPNFilter malware is significant,” read an excerpt from the FBI statement. “The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown.”
The FBI said that the Russian hackers involved belonged to a group called Sofacy, a cyberespionage group alleged to be backed by the Russian government. Sofacy is also commonly known as Fancy Bear and APT28, names associated with several infamous Russian hacks including that of the US Democratic National Committee (DNC) during the 2016 US presidential campaign.
While one FBI official claimed that the kinds of routers affected by the hack were purchased by users through the internet and electronic stores, the authority isn’t ruling out the possibility of routers provided to customers by internet service companies to be compromised as well.
The FBI is now urging all owners of small office and home office routers to reboot their devices to temporarily disrupt the malware before downloading patches and software updates to get rid of the malware altogether.
Image credit: LIFARS archive.