A public service announcement from the FBI on Friday recommended that owners of ‘small office and home office routers’ reset those devices by powering them down due to foreign hacking.
‘Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide,’ the PSA posted on the FBI’s Internet Crime Complaint Center website read.
The hackers have infected these devices with VPNFilter malware, which is capable of rendering routers inoperable, as well as collecting data that passes through them.
The magnitude of Americans affected by this hack was not specifically confirmed, though the notice referred to it as ‘significant.’
Friday’s announcement followed a court order on Wednesday that granted the FBI seizure of a website the hackers were believed to be planning to use to give instructions to those routers.
The FBI recommended on Friday that owners of ‘small office and home office routers’ reset those devices by powering them down due to foreign hacking, likely carried out by ‘Sofacy’
The group of actors believed to be behind the VPNFilter malware is known as the ‘Sofacy Group,’ which is also referred to as ‘apt28,’ ‘sandworm,’ ‘x-agent,’ ‘pawn storm,’ ‘fancy bear’ and ‘sednit,’ according to the US Department of Justice.
‘The group, which has been operating since at least in or about 2007, targets government, military, security organizations, and other targets of perceived intelligence value,’ the DOJ said in a press released on Wednesday.
Sofacy is the same group believed to be responsible for many of the recent attention-grabbin Russian hacks, such as the hack of the Democratic National Committee during the 2016 US presidential campaign.
Sofacy is accused of infecting devices with malware called ‘VPNFilter’ in more than 50 countries, with the most immediate target for further action believed to have been Ukraine, Reuters reported.
The group of actors believed to be behind the attack is known as the ‘Sofacy Group,’ which is also referred to as ‘apt28,’ ‘sandworm,’ ‘x-agent,’ ‘pawn storm,’ ‘fancy bear’ and ‘sednit’
The VPNFilter malware ‘targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer,’ the FBI said.
The malware targeted devices from Belkin International’s brands, including Linksys, MikroTik, Netgear Inc, TP-Link and QNAP, Cisco Systems Inc said.
The routers known to have been infected were those purchased online and at electronic stores, an FBI official told Reuters.
However, routers provided to customers by internet service companies may also have been affected, the official said.
It’s not yet known how the VPNFilter malware infiltrated the routers.
This malware gives these hackers the capability to carry out a variety of invasive tasks, ‘including possible information collection, device exploitation, and blocking network traffic.’
This malware gives these hackers the capability to carry out a variety of invasive tasks, ‘including possible information collection, device exploitation, and blocking network traffic’
It’s not known at this time how the VPNFilter malware was able to infiltrate small office and home office routers, but once inside a device, it can render it inoperable.
‘The malware can potentially also collect information passing through the router,’ the FBI wrote. ‘Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.’
It’s believed by experts that Russia has been carrying out a series of cyber attacks against companies in Ukraine for over a year that have resulted in hundreds of millions of dollars in damages as well as one blackout.
The Ukrainian government has now accused Russia of planning a cyber attack on Ukrainian state bodies and private companies ahead of the Champions League soccer final in Kiev on Saturday.
The Kremlin denied this accusation on Thursday.
The FBI recommends the following for Americans with routers that my have been infected:
‘Any owner of small office and home office routers [should] reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.
‘Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled.
‘Network devices should be upgraded to the latest available versions of firmware.’
Those with questions about the announcement should contact their local FBI field office.
The Ukrainian government has now accused Russia of planning a cyber attack against them, ahead of the Champions League soccer final in Kiev on Saturday, which the Kremlin denied