There’s a new wrinkle in the unending stream of mischievous (and potentially dangerous) news about Russian cyber crimes. The FBI has sent out an advisory, a public safety notice of sorts, for owners of routers. They’re asking that anyone with access to a small router, like those sometimes found in homes and small businesses, reset them immediately.
“A public service announcement from the FBI on Friday recommended that owners of ‘small office and home office routers’ reset those devices by powering them down due to foreign hacking,” Daily Mail writes.
“Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide,” the agency wrote on the FBI’s Internet Crime Complaint Center website.
Hundreds of thousands. Just how many of those are American and who they might belong to is uncertain. It is also unclear what kinds of data are being mined and to what purpose.
The attacks use VPNFilter malware, which lets whoever controls it shut down infected routers or collect data passing through them.
The FBI has seized a website that the alleged hackers had been using to coordinate their data collection.
“The group of actors believed to be behind the VPNFilter malware is known as the ‘Sofacy Group,’ which is also referred to as ‘apt28,’ ‘sandworm,’ ‘x-agent,’ ‘pawn storm,’ ‘fancy bear’ and ‘sednit’,” DM adds, citing the US Department of Justice.
“The group, which has been operating since at least in or about 2007, targets government, military, security organizations, and other targets of perceived intelligence value,” the DOJ wrote in their press release on the most recent attacks.
Sofacy has been in the headlines before. They are the group that has been accused of carrying out the hack of the Democratic National Committee in 2016.
This attack on smaller routers, such as those made by “Linksys, MikroTik, Netgear Inc, TP-Link and QNAP, Cisco Systems,” is less dramatic, but no less dangerous.
This malware gives these hackers the capability to carry out a variety of invasive tasks, “including possible information collection, device exploitation, and blocking network traffic.”
“The malware can potentially also collect information passing through the router,” the FBI wrote.
“Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.”
“Any owner of small office and home office routers [should] reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.”
“Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled.”
“Network devices should be upgraded to the latest available versions of firmware.”