FBI Seizes Russian Botnet After VPNFilter Malware Infects 500K Routers Worldwide

The code of this malware overlaps with versions of the BlackEnergy malware, which was responsible for multiple large-scale attacks that targeted devices in Ukraine.

The most probable infection vector is weak or missing authentication on the routers' management interfaces and the continued use of factory default credentials; the article does not identify a specific exploit.
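The practical check that follows from that point is to audit your own SOHO devices for factory defaults before an attacker does. The script below is an added example, not code from the article, from Cisco Talos or from any vendor. It assumes the device exposes an HTTP admin page that answers 401 or 403 to a rejected HTTP Basic credential pair and something else (200, or a redirect to the dashboard) to an accepted one, which is common for SOHO gear but not universal; form-based logins need a different probe. The credential list and the fake router used for the offline run are constructed for illustration.

```python
"""Audit a SOHO router admin interface for accepted default credentials.

Added example (not the article's or Talos's code). Assumes an HTTP Basic
auth admin page; the credential list below is illustrative, not exhaustive.
"""
import base64
import http.client
from typing import Callable, Iterable, List, Tuple

Credential = Tuple[str, str]
Probe = Callable[[str, int, str, str, str], int]

# Constructed, illustrative list of factory defaults. Extend it from the
# vendor documentation for the devices you actually own.
DEFAULT_CREDENTIALS: List[Credential] = [
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
]


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value for HTTP Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def http_status(host: str, port: int, path: str, user: str, password: str,
                timeout: float = 3.0) -> int:
    """Real transport: one GET with the given credentials, returning only the status."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Authorization": basic_auth_header(user, password)})
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status
    finally:
        conn.close()


def credentials_accepted(status: int) -> bool:
    """401/403 means the pair was rejected; anything else is flagged as accepted
    and should be confirmed by hand (some devices answer 200 with a login form)."""
    return status not in (401, 403)


def audit_default_credentials(host: str, port: int = 80, path: str = "/",
                              pairs: Iterable[Credential] = DEFAULT_CREDENTIALS,
                              probe: Probe = http_status) -> List[Credential]:
    """Return every default pair the device accepts.

    `probe` is injectable so the decision logic can be exercised against a
    fake device without touching the network; pass nothing to test a real host.
    """
    return [(user, password) for user, password in pairs
            if credentials_accepted(probe(host, port, path, user, password))]


def fake_router(valid: Credential) -> Probe:
    """Constructed stand-in for a router that accepts exactly one credential pair."""
    def probe(host: str, port: int, path: str, user: str, password: str) -> int:
        return 200 if (user, password) == valid else 401
    return probe


if __name__ == "__main__":
    # Offline demonstration against the fake device (192.0.2.1 is a documentation
    # address). Drop the `probe` argument to run against a device you own.
    print(audit_default_credentials("192.0.2.1", probe=fake_router(("admin", "admin"))))
```

Run it only against devices you own or are authorised to test; the point is to find the router that still answers to `admin`/`admin` before it becomes a bot, and to change that password rather than rely on a reboot.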

The Justice Department also advised anyone who owns SOHO or NAS products that may have been infected by VPNFilter to restart their devices.

Russian hackers similarly launched a major cyberattack on Ukraine's Constitution Day a year ago, ravaging computers as part of an effort to disrupt the country's financial system.

In blocking the group on May 23, the Justice Department said it had obtained a court warrant authorizing the Federal Bureau of Investigation to seize a computer domain that is part of the command and control system of the VPNFilter botnet.

Cisco has also notified the manufacturers of those devices about the threat and shared its research with law enforcement worldwide and the Cyber Threat Alliance. The stage 3 modules act as plugins for the stage 2 malware.

Cisco said that at least 500,000 devices are infected, across a minimum of 54 countries.

Cisco said it was going public with what it knows about the VPNFilter campaign because it fears an imminent attack, and it suspected the attack would be timed for Ukraine's Constitution Day on 28 June.

Ukraine's SBU security service said the malware proved the Russian Federation was getting ready for a major cyberattack on the country "aimed at destabilizing the situation" during the Champions League soccer final in Kiev on Saturday and possibly the country's annual Constitution Day celebrations.

Talos Intelligence, the security arm of computer networking firm Cisco, which detected the campaign, said it was releasing the information before its investigation is complete because of the urgency of preventing the attack.

The link to earlier Russian-attributed operations rests on code reuse: VPNFilter shares code with malware used in previous attacks.

Talos has called VPNFilter an expansive, robust, highly capable and dangerous threat that targets devices that are challenging to defend.

The U.S. Justice Department says that it has seized an Internet domain controlled by a hacking group tied to Russian military intelligence that was planning a major cyberattack, possibly in Ukraine.

While VPNFilter infects routers and internet-connected storage devices used in home offices and small offices, the army of compromised devices can be used to launch coordinated attacks on much larger targets, Cisco analyst Craig Williams said.

Some 500,000 devices have been found infected with a new malware, dubbed VPNFilter, and those devices are believed to form a botnet intended to launch a major cyberattack very soon, probably against Ukraine, Williams told Reuters on Wednesday.

With control of home and office internet routers, the hackers could intercept and reroute internet traffic without users knowing they were affected. It is also almost impossible for an owner to tell whether a device has been infected until it is too late.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes", said John Demers, assistant attorney general for National Security, in a statement. Rebooting a device clears the second stage, which runs only in memory, but the first stage persists across reboots and can fetch the second stage again, so a reboot alone does not end the infection. Seizing the command-and-control domain closes that gap: after a reboot, the surviving first stage calls out to infrastructure the attackers no longer control, which is why the reboot advice and the domain seizure go together.