By Derek Hawkins | The Washington Post
U.S. law enforcement agencies are trying to take control of a network of hundreds of thousands of wireless routers and other devices infected with malware and under the control of Russian hackers. Bob Johnson said: "These hackers exploit vulnerabilities and endanger the privacy and network security of every American."
Johnson encouraged employees and businesses to take several steps: first, reboot the device, which can disrupt the malware if it is present; second, update network equipment and change passwords.
In a statement released late Wednesday, the Department of Justice said the FBI had obtained a court order to seize a domain at the core of the massive botnet, which would allow the government to redirect the victims' infected devices to an FBI-controlled server in order to protect them.
The DOJ attributed the hacking campaign to the group called Sofacy, also known as Fancy Bear. While the statement did not explicitly mention Russia, Fancy Bear is the Russian military-affiliated group that broke into the Democratic National Committee during the presidential election.
"This operation is the first step in disrupting a botnet that provides the Sofacy actors with a set of capabilities that could be used for a variety of malicious purposes, including gathering information, stealing valuable information, destructive or disruptive attacks and misattribution of such activities," said Assistant Attorney General for National Security John Demers.
The announcement of the law enforcement action came just hours after cybersecurity researchers at Cisco's threat intelligence unit Talos warned that sophisticated hackers had infected at least 500,000 devices in at least 54 countries with the malware known as "VPNFilter".
The malware had been spreading at such an "alarming rate" in recent weeks that the researchers believed hackers affiliated with a state government were preparing a massive cyberattack on Ukraine, the researchers said. While the researchers themselves did not name Russia, they said the malware shared some features with recent Russian government-backed hacking campaigns that knocked out parts of the country's power grid.
"This malware's code overlaps with versions of the BlackEnergy malware – which was responsible for several major attacks targeting devices in Ukraine," Talos said in a blog post. The US government and security experts have attributed these attacks to Russia.
The latest campaign fits a pattern of influence operations that the Russian government has used in recent years as part of a broader digital influence strategy, said Nina Jankowicz, a staff member at the Wilson Center.
"Ukraine has always been a testing ground for Russian cyber activity," she told me. "Russia is asserting its cyber capability, and wants the US and the West to know what it is capable of without having to launch an attack on a Western government, which would lead to retaliation."
Yet it is not surprising that the threat was a priority for the US, and not just because Russia was in the limelight during the 2016 election campaign.
Earlier this year, the White House blamed Russia for the NotPetya cyberattack of June 2017, in which Russian military hackers spread through Ukrainian networks and wiped data from financial firms, government agencies and other institutions around the world. The White House called it the "most destructive and costly cyber attack in history" and vowed it would "have international consequences."
Craig Williams, the head of the Talos security team, told me the worst-case scenario was that the mass of infected devices was powerful enough to be used to carry out a "possible sequel" to the NotPetya attack.
"We're rolling right up on the anniversary of this attack," Williams said. If hundreds of thousands of routers were shut down at the same time, he said, "this will be very similar to NotPetya."
Williams called VPNFilter the "Swiss Army knife of malware." In addition to its use for espionage, the malware can intercept communications on industrial control systems used throughout the energy sector, as well as by manufacturers, water treatment plants and other critical infrastructure operators. It also has a destructive capability known as "bricking," which allows the malware to permanently disable any infected device.
By infecting consumer wireless routers, the hackers targeted a particularly weak link in computer networks, said Michael Daniel, president of the Cyber Threat Alliance, whose members include Cisco.
It's "particularly damaging because it targets devices that are hard to defend," he said. "They're sitting on the edge of the network or outside the firewall, and they do not really have routine protections."
The FBI and the Department of Homeland Security have notified trusted Internet service providers about the malware, according to the DOJ. Cisco says users can disable all but the malware's first stage by restarting their routers.