New Russian ‘malware’ identified that affects thousands of Wi-Fi routers
A report published by The Daily Beast has revealed that the Federal Bureau of Investigation (FBI) has found new Russian malware that affects the Wi-Fi routers of thousands of homes and offices.
Armed with a court order, federal agents have taken control of a key server in the Kremlin’s global botnet of 500,000 hacked routers. The infected routers are spread throughout the world: the botnet is estimated to be present in 54 countries.
According to researchers, cybercriminals planned to use the botnet to attack Ukraine. Sofacy uses malware known as VPNFilter to exploit vulnerabilities present in various router models from different manufacturers, among them some very common ones such as Linksys, TP-Link, MikroTik, Netgear and QNAP.
The seized domain is believed to belong to a Russian hacker group known as Sofacy, the same one that was responsible for infiltrating the Democratic National Convention and the Hillary Clinton Campaign in 2016.
When the malware manages to infect a device, it automatically reports to a specific infrastructure. To do this, it uses several photos that the hacking group had uploaded to Photobucket (which has already deleted them) or the web address whose control the FBI has obtained. When a router “reports” that it has been attacked, the alerted system installs various plugins on the device, which can be used to steal access passwords or to use computers connected to the network to attack the control networks of industrial systems, for example the infrastructure of the electrical grid.
After taking control of the domain, the FBI can intercept the entire network operation. The agency will now be able to see the IP addresses of users whose routers are infected and inform them.
Source: www.theobjective.com
