VPNFilter, a sophisticated malware program, is said to have infected more than 500,000 routers in 54 countries, and could potentially cut users off from the internet.
This malware can steal logins and passwords, can monitor industrial controls, and contains a killswitch for routers.
Cisco’s Talos cyber intelligence unit believes the Russian government is behind the software, since the latest hack shares some of the code used in previous Russian cyber attacks. The unit also believes the Russian government aims to plant VPNFilter to launch a cyber attack on Ukraine.
“The code of this malware overlaps with versions of the BlackEnergy malware—which was responsible for multiple large-scale attacks that targeted devices in Ukraine,” the unit said in a blog post. “While this isn’t definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control (C2) infrastructure dedicated to that country.”
VPNFilter has infected routers in Ukraine in particular at an “alarming rate,” with a spike in infections in the Eastern European country on May 8 and May 17. Talos researchers are still looking into how the malware infects routers but said that routers from Linksys, MikroTik, Netgear and TP-Link are affected.
Attacks on routers hit a sensitive spot because hackers can use the devices to monitor web activity, including passwords. In April, US and UK officials warned about Russian hackers targeting millions of routers around the world, with plans to carry out massive attacks leveraging the devices. In that announcement, the FBI called routers a “tremendous weapon in the hands of an adversary.”
Talos is recommending that people reset their routers to factory defaults to remove the potentially destructive malware and update their devices as soon as possible.
By Daniëlle Kruger