It is not uncommon that you might need to reboot your router because of some error or bug, but it’s not often that you need to reboot it in the name of national security. The US government has advised owners of home and small business routers to restart them to neuter a particularly nasty strain of Russian malware that has exploited hundreds of thousands of devices.
The warning comes from the FBI, Department of Homeland Security, and the Department of Justice. The agencies say that a simple reboot can protect you from the “VPNFilter” malware, at least in the short term. VPNFilter is linked to a group of Russian hackers known as Fancy Bear, sometimes called Sofacy Group and APT 28. Many security experts believe the group gets backing from Russian military intelligence (the GRU), or it may simply be part of Russian intelligence. Fancy Bear is perhaps most famous for the spear phishing attack that led to the theft of 50,000 emails from Clinton advisor John Podesta in 2016.
Devices infected by VPNFilter include routers from makers like Cisco/Linksys, MikroTik, NETGEAR, and TP-Link. Some QNAP NAS boxes are also vulnerable to infection. The attackers slipped the malware onto routers that were still using default login credentials with remote access enabled, as well as those that simply had unpatched security vulnerabilities. Most older routers lack an automatic firmware update mechanism, so they’re usually full of security holes. Security firms have published lists of affected routers, but this should by no means be considered a comprehensive collection.
VPNFilter infects routers in stages, but the first one doesn’t do anything malicious. This is just a service that pings a command and control server, allowing the malware authors to load the second and third stage payloads. The second stage includes the primary tools for compromising your network. It supports data exfiltration, command execution, and more. It can also brick the router remotely if it receives a command to do so. The stage three package adds support for snooping on packets as they pass through the router and Tor communication with the controllers.
Rebooting a router clears the “advanced” stages of VPNFilter from a device, but the first stage remains in place. That means Fancy Bear could circle back and re-infect the router with stages two and three. Rebooting is only a temporary solution, so owners of the affected routers should start looking for a more modern replacement.
Pentagon Report Confirms Russian Development of Massive Nuclear Torpedo
The Pentagon's leaked 2018 nuclear report confirms that the Russians have built a long-range autonomous torpedo that could be fitted with a 100 megaton warhead.
Dutch Intelligence Tipped off FBI, NSA on Russian Cyber Attacks
The US has been certain the Russians hacked the DNC and State Department, and now we know part of why. It was Dutch intelligence operatives that hacked into some of Russia's own institutions — including their closed-circuit television cameras.
Russian Scientists Arrested for Mining Cryptocurrency at Nuclear Facility
Several Russian scientists working in one of the country's most secure research facilities thought they could use the in-house supercomputer to mine some coins.
Russia’s Attempts to Block Messaging App Telegram Are Creating a Huge Mess
Russia is attempting to enforce the ban in any possible way, but it's just causing a mess for internet users in general, not just those on Telegram.