FBI Seizes Russian Botnet Domain

May 27, 2018
The United States’ leading law enforcement agency, the Federal Bureau of Investigation (FBI), has seized the domain name associated with a Russian botnet. The seizure allows the agency to disrupt the botnet's operation. To date, the botnet is estimated to have infected 500,000 routers globally and forced PCs into a network that spreads malware.

The United States’ Department of Justice (DOJ) has suggested that the botnet is the work of the ‘Fancy Bear’ hacking group (also known as ‘Sofacy’). The group was purportedly involved in the 2016 breach of Democratic National Committee servers prior to the last US election. It is said to use the ‘VPNFilter’ malware to exploit vulnerabilities in routers produced by several companies, including Linksys, NETGEAR and TP-Link. Once established, the malware adds plug-ins that can steal log-in details and attack major industry-operated networks. To date, the impact of the botnet has been reported in 54 countries.

The FBI has suggested it will list infected IP addresses and contact the relevant ISPs and private- and public-sector partners to address the threat before the botnet can be set up again. For those with infected equipment, antivirus software company Symantec's 'Security Response Team' gave the following advice:

“Performing a hard reset of the device, which restores factory settings, should wipe it clean and remove Stage 1. With most devices, this can be done by pressing and holding a small reset switch when power cycling the device. However, bear in mind that any configuration details or credentials stored on the router should be backed up as these will be wiped by a hard reset.”
