FBI issues formal warning on massive malware network linked to Russia
The FBI on Friday issued a formal warning that a sophisticated Russia-linked hacking campaign is compromising hundreds of thousands of home network devices worldwide and it is advising owners to reboot these devices in an attempt to disrupt the malicious software.
The law enforcement agency said foreign cyber actors are targeting routers in small or home offices with a botnet — or a network of infected devices — known as VPNFilter.
Cybersecurity experts and officials say VPNFilter has infected an estimated 500,000 devices worldwide.
“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices,” the bureau’s cyber division wrote in a public alert.
“Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”
Earlier this week, the Department of Justice (DOJ) announced the bureau was working to disrupt the malware, which officials have linked to the cyber espionage group known as APT 28 or Sofacy. Some cybersecurity firms have already determined this hacking group is being sponsored by the Russian government.
Experts at Cisco’s threat intelligence arm Talos on Wednesday first called attention to VPNFilter, warning that hackers are ramping up malware attacks against Ukraine, infecting thousands of devices ahead of an upcoming national holiday in the country.
“While this isn’t definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control infrastructure dedicated to that country,” Talos wrote in a blog post.
“Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries.”
The firm warned that VPNFilter could wreak havoc in a number of ways, from stealing website credentials to causing widespread internet disruption.
“The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.”