FBI working to disrupt massive malware network linked to Russia

Source: The Hill | May 24, 2018 | Morgan Chalfant

The FBI is working to disrupt a massive, sophisticated Russia-linked hacking campaign that officials and security researchers say has infected hundreds of thousands of network devices across the globe.

The Justice Department late Wednesday announced an effort to disrupt a botnet known as “VPNFilter” that compromised an estimated 500,000 home and office (SOHO) routers and other network devices. Officials explicitly linked the botnet to the cyber espionage group known as APT 28, or Sofacy, believed to be connected to the Russian government. 

Officials said that the U.S. attorney’s office for the western district of Pennsylvania has obtained court orders allowing the FBI to seize a domain that is part of the malware’s command-and-control infrastructure. This will allow officials to redirect attempts by the malware to reinfect devices to an FBI-controlled server, thereby protecting devices from being infected again after rebooting.

Assistant Attorney General for National Security John C. Demers in a statement described the effort as the “first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

Cybersecurity researchers first began warning of the destructive, sophisticated malware threat on Wednesday. Cisco’s Talos threat intelligence group said in a blog post Wednesday that VPNFilter had infected at least 500,000 devices in 54 or more countries.

The researchers had been tracking the hacking threat for several months and were not ready to publish their findings, but when the malware began infecting devices in Ukraine at an “alarming rate,” they decided to publish their research early.

……..

Viewing 1 post (of 1 total)
Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.