Russian hackers targeted routers in more than 50 nations, says FBI
The FBI warned on Friday that Russian hackers had compromised hundreds of thousands of home and office routers and could collect users’ details or shut down networks.
The United States law enforcement agency urged owners of several brands of routers to turn them off and on again and to download updates from the manufacturer to protect themselves from data hacking.
The warning followed a court order on Wednesday that allowed the FBI to seize a website the hackers planned to use to give instructions to the routers.
That cut off malicious communications but still left the routers infected, and Friday’s warning was aimed at cleaning up those machines.
Infections were detected in more than 50 countries, although the primary target for further action was probably Ukraine.
In obtaining the court order, the US Justice Department said the hackers were in a group called Sofacy who answered to the Russian government. Also known as APT28 and Fancy Bear, it was blamed for the hacking of the Democratic National Committee in the 2016 US presidential campaign.
Cisco Systems said the hacking targeted devices from Belkin International’s Linksys, MikroTik, Netgear, TP-Link and QNAP. The FBI did not rule out the possibility that routers provided by internet service companies were also affected.
Cisco shared the technical details of its investigation with the US and Ukrainian governments. Western experts say Russia has attacked companies in Ukraine for more than a year.
“The size and scope of the infrastructure by VPNFilter malware is significant,” the FBI said.
The bureau said the malware was hard to detect because of encryption and other tactics but could render routers inoperable. It advised disabling remote-management settings, changing passwords and upgrading firmware.