Researchers warn 500,000 consumer routers infected with malware


An advanced malware attack, believed to have been developed by a nation-state actor, has been discovered by Cisco's Talos Intelligence research division. Known by several names, including APT28, Pawn Storm, Sandworm, Sednit and the Sofacy Group, the hackers are blamed for engineering attacks on the Organization for Security and Cooperation in Europe, the World Anti-Doping Agency and the US Democratic Party, as well as several internet disruptions in Ukraine.

The ToKnowAll.com domain seized Wednesday hosted a backup server for uploading a second stage of malware to already-infected routers in the event that a primary method, which relied on Photobucket, failed. It's no wonder, then, that the Justice Department announced that it was taking action to disrupt VPNFilter the same day it was revealed.

"The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide".

Cisco researcher Craig Williams told Reuters: "With a network like this you could do anything".

VPNFilter has infected routers in Ukraine in particular at an "alarming rate", with a spike in infections in the Eastern European country on May 8 and May 17. The seizure of ToKnowAll.com is a major coup because it closes a secondary channel and may also provide previously unavailable information the Federal Bureau of Investigation can use to begin the process of helping ISPs and end users disinfect the devices. Researchers can't say for sure who is behind VPNFilter, but say code used by the malware authors overlaps with BlackEnergy malware used in previous attacks in Ukraine. The malware, dubbed VPNFilter according to a Cisco advisory, has managed to infect numerous routers from vendors like Linksys, MikroTik, Netgear and TP-Link, as well as certain network-attached storage devices from companies like QNAP.

"Netgear is investigating and will update this advisory as more information becomes available", a spokesman said in an emailed statement.

Researchers also commented on the complexity of the threat posed, stating: "Defending against this threat is extremely hard due to the nature of the affected devices".

The Kremlin did not immediately respond to a request for comment. Ukraine has repeatedly been the victim of Russian cyberattacks, including the NotPetya ransomware, which US and United Kingdom officials have called the "most destructive cyberattack ever".

The experts said the software tricks users into downloading security updates and is most probably created to target industrial systems and electrical grids.

"It has destructive capability". The Justice Department said that seizing control of one of the domains involved in running VPNFilter will give owners of infected routers a chance to reboot them, forcing the devices to begin communicating with the now-neutralized command domain. "That's not a capability usually built into malware like this", Cyber Threat Alliance President Michael Daniel said.

The researchers recommend users of small and home office-grade routers and NAS devices reset them to factory defaults and reboot them in order to remove the stage 2 and stage 3 malware, and reach out to device manufacturers to ensure up-to-date patching.
