FBI’s Urgent Request: Reboot Your Router to Prevent Russian Malware-Truth!

Summary of eRumor:

After taking control of a domain used in a massive Russian cyberattack, the FBI urged internet users to reboot their routers.

The Truth:

The U.S. Department of Justice announced in late May of 2018 that it had seized control of a domain used by Russian hackers to infect countless small office/home office (SOHO) routers and network-attached storage devices with malware. Those at risk of infection were urged to reboot their routers and network devices in an effort to clear the malware. However, it appears that the attack was heavily concentrated in Ukraine.
The infamous group of Russian hackers known as Fancy Bear, Sandworm and Sofacy Group is behind the attack. It uses multi-stage malware to monitor web activity, gather intelligence, map critical infrastructure networks, and carry out disruptive attacks. The first stage of the malware is also capable of reinstalling itself on network hardware after a reboot.
By seizing control of the domain, the U.S. Attorney's Office for the Western District of Pennsylvania can now redirect the malware's attempts to reinstall itself to a server controlled by the FBI. This allows the FBI to identify the IP addresses of infected devices, a key part of efforts to determine the reach of the attack.
A press release urges owners of SOHO and NAS devices to "reboot their devices as soon as possible, temporarily eliminating the second stage malware and causing the first stage malware on their device to call out for instructions."
Talos, the security division of Cisco, reports that most of the 500,000 infected pieces of hardware are in Ukraine.