The FBI issued a warning on Friday claiming that Russian hackers have compromised at least 500,000 home and office routers and could shut down network traffic or collect user information.
The U.S. law enforcement agency has urged the owners of many routers to turn the devices off and on again and to download updates from the manufacturer in order to protect themselves.
The malicious attack is being dubbed “VPNFilter.” The Russian government is presumed to be behind it. That’s because the malware uses code found in previous cyber attacks carried out by Russia.
If your router is infected with this malware, it could be used for interfering with internet communications, spying, or DDoS attacks. A similar DDoS attack happened in December 2015 in Ukraine when part of its energy grid was targeted.
The VPNFilter malware gives hackers remote access to infected devices. It also has an auto-destruct feature, which allows the cybercriminals to delete the malware along with other software on infected machines, leaving them inoperable.
Once your router is hacked, criminals can execute these attacks:
-> Identify other vulnerable devices in the network
-> Read your gadget configurations
-> Map your internal network
-> Harvest usernames and passwords
-> Impersonate administrators
-> Modify firmware
-> Modify operating systems
-> Change configurations
-> Spy on your traffic and redirect it through Russian-controlled servers
The FBI stated in a Facebook post:
“The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide by using VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.”
The warning comes after a court order gave the FBI authorisation to seize any website that the hackers could have used as part of a botnet.
After obtaining the court order, the Justice Department claimed the hackers involved in this attack were associated with a group named Sofacy, which is affiliated with the Russian government.
Sofacy is also known as APT28 and Fancy Bear, and has been accused of a number of the more severe Russian cyber attacks, one of which was the attack on the Democratic National Committee, which occurred during the 2016 U.S. presidential campaign.