Federal Authorities: Reboot Your Router to Stop Russian Malware

It is not uncommon that you might need to reboot your router because of some error or bug, but it’s not often that you need to reboot it in the name of national security. The US government has advised owners of home and small business routers to restart them to neuter a particularly nasty strain of Russian malware that has exploited hundreds of thousands of devices.

The warning comes from the FBI, Department of Homeland Security, and the Department of Justice. The agencies say that a simple reboot can protect you from the “VPNFilter” malware, at least in the short term. VPNFilter is linked to a group of Russian hackers known as Fancy Bear, sometimes called Sofacy Group and APT 28. Many security experts believe the group gets backing from Russian military intelligence (the GRU), or it may simply be part of Russian intelligence. Fancy Bear is perhaps most famous for the spear phishing attack that led to the theft of 50,000 emails from Clinton advisor John Podesta in 2016.

Devices infected by VPNFilter include routers from makers like Cisco/Linksys, MikroTik, NETGEAR, and TP-Link. Some QNAP NAS boxes are also vulnerable to infection. The attackers slipped the malware onto routers that were still using default login credentials with remote access enabled, as well as those that simply had unpatched security vulnerabilities. Most older routers lack an automatic firmware update mechanism, so they’re usually full of security holes. Security firms have published lists of affected routers, but this should by no means be considered a comprehensive collection.

VPNFilter infects routers in stages, but the first one doesn’t do anything malicious. This is just a service that pings a command and control server, allowing the malware authors to load the second and third stage payloads. The second stage includes the primary tools for compromising your network. It supports data exfiltration, command execution, and more. It can also brick the router remotely if it receives a command to do so. The stage three package adds support for snooping on packets as they pass through the router and Tor communication with the controllers.

Rebooting a router clears the “advanced” stages of VPNFilter from a device, but the first stage remains in place. That means Fancy Bear could circle back and re-infect the router with stages two and three. Rebooting is only a temporary solution, so owners of the affected routers should start looking for a more modern replacement.

Continue reading

Russia Might Issue Fines for Using SpaceX Starlink Internet Service

You can get Starlink internet in a few places, but Russia doesn't want any of its citizens going through the SpaceX system as it expands. In fact, the country has floated the idea of fining people for using Starlink or other foreign satellite internet services.

Russia to Build 8-Core RISC-V CPUs for Laptops, Government Systems

Russia is investing in homegrown RISC-V CPUs, with eight-core chips at 2GHz expected by 2025.

Google, Apple Cave to Russian Government Pressure, Remove Navalny Voting App

That means citizens who have not already downloaded the app will find it much harder (or impossible) to get it, and the opposition's efforts to gain ground against Putin's United Russia party could suffer.

Huawei 2.0: Invading Ukraine Could Cost Russia the Modern Semiconductor Market

The United States is threatening to use export controls to sanction Russia if it invades Ukraine. The Biden Administration would presumably use some of the same tools the Trump Administration previously deployed against Huawei.The Ultimate BanhammerThe United States maintains a list of individuals, corporations, governments, and non-governmental organizations (NGOs) that are subject to export restrictions.…