FBI Issues Formal Warning on Massive Malware Network Linked to Russia

Jan 11, 2013
FBI Issues Formal Warning on Massive Malware Network Linked to Russia
Screen Shot 2018-05-26 at 2.22.30 PM.png


The FBI on Friday issued a formal warning that a sophisticated Russia-linked hacking campaign is compromising hundreds of thousands of home network devices worldwide and it is advising owners to reboot these devices in an attempt to disrupt the malicious software.

The law enforcement agency said foreign cyber actors are targeting routers in small or home offices with a botnet — or a network of infected devices — known as VPNFilter.

Cybersecurity experts and officials say VPNFilter has infected an estimated 500,000 devices worldwide.

"The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices," the bureau's cyber division wrote in a public alert.

"Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware."

Earlier this week, the Department of Justice (DOJ) announced the bureau was working to disrupt the malware, which officials have linked to the cyber espionage group known as APT 28 or Sofacy. Some cybersecurity firms have already determined this hacking group is being sponsored by the Russian government.

Experts at Cisco’s threat intelligence arm Talos on Wednesday first called attention to VPNFilter, warning that hackers are ramping up malware attacks against Ukraine, infecting thousands of devices ahead of an upcoming national holiday in the country.

"While this isn't definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control infrastructure dedicated to that country," Talos wrote in a blog post.

"Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries."

The firm warned that VPNFilter could wreak havoc in a number of ways, from stealing website credentials to causing widespread internet disruption.

"The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide."

thoughts? :nerd:
Russia really out here infiltrating the US. I thought it was BS
Why they ain’t issue s warning before the elections
Not saying it’s not real
But seems like some sort of political thing

So get rid of my router app on my phone, restart it, and change passwords

Then what
Other countries are doing whatever they want but idiot and racist America falls for it every time. You can bombard an intelligent person with as much as you want and not get a responce
All countries hack each other. For friendly and not so friendly reasons.

U.S > China
China > U.S
U.S > Russia
Russia > U.S
China > Japan
U.K > Germany
Israel > Everybody

No one (in the media) got so up in arms when it was revealed the NSA was spying on friendlies
FBI Seizes Control of a Massive Botnet That Infected Over 500,000 Routers
Screen Shot 2018-06-01 at 11.20.35 PM.png


Shortly after Cisco's released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack.

Yesterday we reported about a piece of highly sophisticated IoT botnet malware that infected over 500,000 devices in 54 countries and likely been designed by Russia-baked state-sponsored group in a possible effort to cause havoc in Ukraine, according to an early report published by Cisco's Talos cyber intelligence unit on Wednesday.

Dubbed VPNFilter by the Talos researchers, the malware is a multi-stage, modular platform that targets small and home offices (SOHO) routers and storage devices from Linksys, MikroTik, NETGEAR, and TP-Link, as well as network-access storage (NAS) devices.

Meanwhile, the court documents unsealed in Pittsburgh on the same day indicate that the FBI has seized a key web domain communicating with a massive global botnet of hundreds of thousands of infected SOHO routers and other NAS devices.

The court documents said the hacking group behind the massive malware campaign is Fancy Bear, a Russian government-aligned hacking group also known as APT28, Sofacy, X-agent, Sednit, Sandworm, and Pawn Storm.

The hacking group has been in operation since at least 2007 and has been credited with a long list of attacks over the past years, including the 2016 hack of the Democratic National Committee (DNC) and Clinton Campaign to influence the U.S. presidential election.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities," John Demers, the Assistant Attorney General for National Security, said in a statement.Among other, Talos researchers also found evidence that the VPNFilter source code share code with versions of BlackEnergy—the malware responsible for multiple large-scale attacks targeting devices in Ukraine that the U.S. government has attributed to Russia.

VPNFilter has been designed in a way that it could be used to secretly conduct surveillance on its targets and gather intelligence, interfere with internet communications, monitor industrial control or SCADA systems, such as those used in electric grids, other infrastructure and factories, as well as conduct destructive cyber attack operations.

The seizure of the domain that is part of VPNFilter's command-and-control infrastructure allows the FBI to redirect attempts by stage one of the malware (in an attempt to reinfect the device) to an FBI-controlled server, which will capture the IP address of infected devices and pass on to authorities around the globe who can remove the malware.

Users of SOHO and NAS devices that are infected with VPNFilter are advised to reboot their devices as soon as possible, which eliminates the non-persistent second stage malware, causing the persistent first-stage malware on their infected device to call out for instructions.

"Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure," the DoJ said.Since VPNFilter does not exploit any zero-day vulnerability to infect its victims and instead searches for devices still exposed to known vulnerabilities or having default credentials, users are strongly recommended to change default credentials for their devices to prevent against the malware.

Moreover, always put your routers behind a firewall, and turn off remote administration until and unless you really need it.

If your router is by default vulnerable and can't be updated, it is time you buy a new one. You need to be more vigilant about the security of your smart IoT devices.

This is a license to SELL and use your face and name and location for WHATEVER THEY WANT... not no underground secret **** you think they might want to do.... They can put your face on a goddamn billion dollar ad, not pay you ****, and you signed up for it

Let denzel washington use this ****... He just signed over his face for them to put in tv ads, billboards, gay sex movies, whatever the **** they want...

This not being GDPR (regulated) means NO, facebook, apple, twitter, IG do NOOOOOOOOOOOOOOT have the same policy... at all
Top Bottom