Feds Say Your Internet Router May Be Infected With Russian Malware



The FBI said it would gather the IP addresses of infected devices, and pass those to the Shadowserver Foundation to disseminate among ISPs and non-US CERTs. The malware system is able to render the routers inoperable, and can also collect information passing through the router. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide. The attackers can selectively destroy a single device or wipe all infected devices at once. Rebooting your router will disrupt any malware currently on it, and the DOJ seizure should prevent the Russian malware from re-installing itself at least for now, according to The New York Times.

The bureau announced on Friday that the VPNFilter malware is targeting small office and home office routers. It says that many popular router brands were infected, including Linksys, MikroTik, Netgear and TP-Link. The FBI urges you to simply turn your router off, and then back on.

The FBI also recommends disabling remote management settings, enabling encryption, and upgrading your device's firmware.

Talos noted that the malware was trying to target machines in the Ukraine, and the Federal Bureau of Investigation attributed the attacks to the group known as "Sofacy" or "Fancy Bear".

"Most of the devices targeted are known to use default credentials and/or have known exploits, particularly for older versions."
