(CMR) In tech news this morning, the Department of Justice, together with the FBI, issued an urgent warning urging people to check their internet routers after a sophisticated malware system linked to Russia infected hundreds of thousands of devices.
The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, warned the FBI. A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said late last week.
That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies.
Talos, the threat intelligence division for the tech giant Cisco, estimated that at least 500,000 routers in at least 54 countries had been infected by the malware, which the F.B.I. and cybersecurity researchers are calling VPNFilter. Among the affected networking equipment it found during its research were devices from manufacturers including Linksys, MikroTik, Netgear and TP-Link.
The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the device’s firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.
To disrupt the Sofacy network, the Justice Department sought and received permission to seize the web domain toknowall.com, which it said was a critical part of the malware’s “command-and-control infrastructure.” Now that the domain is under F.B.I. control, any attempts by the malware to reinfect a compromised router will be bounced to an F.B.I. server that can record the I.P. address of the affected device.
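One defender-side check that follows from the domain seizure described above, as an added example that is not part of the article: a Python script that scans DNS query log lines for lookups of toknowall.com (or any of its subdomains) and reports which local devices made them. The dnsmasq-style log format, the sample lines and the IP addresses are constructed assumptions, not data from the article.

```python
import re
from collections import defaultdict

# The command-and-control domain the Justice Department seized, as named in the article.
SINKHOLED_C2_DOMAIN = "toknowall.com"

# Constructed sample log (hypothetical dnsmasq-style format; not from any real device):
# "<timestamp> query[<type>] <name> from <client ip>"
SAMPLE_DNS_LOG = """\
May 24 08:01:12 query[A] www.example.com from 192.168.1.20
May 24 08:02:03 query[A] toknowall.com from 192.168.1.1
May 24 08:02:05 query[A] updates.example.net from 192.168.1.1
May 24 08:15:41 query[A] TOKNOWALL.COM. from 192.168.1.1
May 24 09:30:00 query[A] nottoknowall.com from 192.168.1.33
May 24 09:31:10 query[AAAA] cdn.toknowall.com from 192.168.1.7
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) query\[\w+\] (?P<name>\S+) from (?P<src>\S+)$"
)


def normalize(name: str) -> str:
    """Lower-case the queried name and drop a trailing root dot so 'FOO.COM.' == 'foo.com'."""
    return name.lower().rstrip(".")


def is_c2_domain(name: str, domain: str = SINKHOLED_C2_DOMAIN) -> bool:
    """True for the domain itself or any subdomain; 'nottoknowall.com' must NOT match."""
    n = normalize(name)
    return n == domain or n.endswith("." + domain)


def find_c2_lookups(log_text: str, domain: str = SINKHOLED_C2_DOMAIN) -> dict:
    """Return {client_ip: [(timestamp, queried_name), ...]} for every lookup of the C2 domain.

    A client that resolves the seized domain is a candidate infected router and
    should be rebooted, updated and have remote management disabled, per the FBI advice.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not query records
        if is_c2_domain(m["name"], domain):
            hits[m["src"]].append((m["ts"], normalize(m["name"])))
    return dict(hits)


if __name__ == "__main__":
    for src, events in find_c2_lookups(SAMPLE_DNS_LOG).items():
        print(f"{src}: {len(events)} lookup(s), first {events[0][0]}, last {events[-1][0]}")
```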
So which unlucky devices did Talos find were targeted? Here's the list:
Linksys: E1200, E2500, and WRVS4400N
MikroTik: 1016, 1036, and 1072
Netgear: DGN2200, R6400, R7000, R8000, WNR1000, and WNR2000
QNAP: TS251 and TS439 Pro
Even if a device is not on that list, everyone should check for security updates for their devices to be safe and address any security concerns.