Federal Bureau of Investigation to all router users: Reboot now to neuter Russia's VPNFilter malware

Muriel Colon
May 29, 2018

If you've had router issues in the past, you're probably familiar with the rebooting process.

Users should update network devices to the latest versions of firmware to prevent further malware attacks. The FBI said rebooting routers will disrupt the malware and help the bureau identify which networking devices were affected.

The FBI believes hackers are blocking web traffic and collecting information that passes through these routers.

The Times reports that the malware is being spread by the Sofacy Group, which hacked the Democratic National Committee before the 2016 election, and is thought to be controlled by Russian military intelligence.

Law enforcement authorities are investigating a report that a malware system from the Russian Federation infected routers in the U.S.

The malware, dubbed VPNFilter, was developed by the Russian state-sponsored hacking group Sofacy, also known as Fancy Bear and APT28, according to the Federal Bureau of Investigation, which last week obtained a warrant to seize a domain used to control the infected routers. The attackers slipped the malware onto routers that were still using default login credentials with remote access enabled, as well as those that simply had unpatched security vulnerabilities.

As we noted last Thursday, a reboot only removes part of the infection: the infected device will still try to contact command and control servers. Affected networking equipment identified in the research includes devices from manufacturers including Linksys, MikroTik, Netgear and TP-Link.

Experts suggest setting a strong password for your router as well.
