CATEGORIES
home News

FBI Seizes Russian Botnet After VPNFilter Malware Infects 500K Routers Worldwide

by Paul LillyThursday, May 24, 2018, 11:22 AM EDT
Network Switch

The United States Federal Bureau of Investigation and Department of Justice dealt a blow to a sophisticated Russian botnet that security researchers referred to as VPNFilter. They did it  by seizing a key domain used to perpetuate the attacks. In doing so, the agencies effectively disrupted a malicious effort that was able to infect hundreds of thousands of routers and network storage devices.

Security researchers estimate that at least 500,000 network devices scattered across 54 countries were unwittingly part of the botnet. According to Talos Intelligence, VPNFilter affected devices build by several notable brands, including Linksys, MikroTik, Netgear, and TP-Link in the small and home office (SOHO) space, along with QNAP-brand network attached storage (NAS) storage devices. Other vendors, including Cisco, do not appear to have been affected.

"Today's announcement highlights the FBI's ability to take swift action in the fight against cybercrime and our commitment to protecting the American people and their devices," said Assistant Director Scott Smith. "By seizing a domain used by malicious cyber actors in their botnet campaign, the FBI has taken a critical step in minimizing the impact of the malware attack. While this is an important first step, the FBI's work is not done. The FBI, along with our domestic and international partners, will continue our efforts to identify and expose those responsible for this wave of malware."

The pesky botnet uses several stages of malware to infiltrate routers and NAS boxes. The second stage of the malware can easily be cleared from a device by simply rebooting it, but the first stage is able to survive a reboot, making it difficult to prevent a re-infection by the second stage.

That's where seizing the domain comes into play. The FBI took control of a domain that is part of the malware's command-and-controller infrastructure and is now able to redirect attempts by stage one of the malware to an FBI-controller server. This should stop the infection from spreading, though the onus is still on device makers to issue firmware patches and software updates.

According to the DoJ, the group responsible for VPNFilter has been operating since at least 2007 and has targeted government, military, security organizations, and other entities of perceived intelligence value.
Tags:  Malware, security, botnet, Russia, vpnfilter
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment