A Russian botnet that has infected about a half million routers used in homes and businesses around the world with malware was disrupted on Thursday by the FBI’s seizure of a key server.
Referred to by federal officials and cybersecurity experts as “VPNFilter,” the botnet has attacked routers and network-attached storage (NAS) devices around the world using multi-stage malware. Once installed, the malware reports to a command-and-control infrastructure that can install plugins capable of monitoring internet activity, identifying industrial network protocols, and damaging devices.
The Russian hackers, known as the Sofacy Group, Fancy Bear, and other aliases, have been operating since at least 2007. Assistant Attorney General for National Security John Demers said the U.S. Department of Justice is committed to “disrupting, not just watching,” national security cyber threats posed by the group using every tool possible.
“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” Demers said.
By seizing control of the botnet server, the FBI has disrupted the stage of the malware that allows it to reinfect devices after a reboot. This will enable the FBI to obtain the internet protocol (IP) addresses of infected devices and better identify the magnitude of the issue.
U.S. Attorney for the Western District of Pennsylvania Scott Brady said the U.S. Attorney’s Office would continue to “aggressively fight against threats to our national security by criminals, no matter who they work for.”
“This court-ordered seizure will assist in the identification of victim devices and disrupts the ability of these hackers to steal personal and other sensitive information and carry out disruptive cyber attacks,” Brady said. “We will be relentless in protecting the people of Western Pennsylvania — from international corporations to local businesses to the elderly — from these threats.”
FBI Special Agent in Charge Bob Johnson said the hackers had exploited vulnerabilities that put every American’s privacy and network security at risk. He added that there is still much to learn about how VPNFilter has compromised routers and networked devices.
“This action by the FBI, DoJ and our partners should send a clear message to our adversaries that the U.S. Government will take action to mitigate the threats posed by them and to protect our citizens and our allies even when the possibility of arrest and prosecution may not be readily available,” FBI Special Agent in Charge David LeValley said. “As our adversaries’ technical capabilities evolve, the FBI and its partners will continue to rise to the challenge, placing themselves between the adversaries and their intended victims.”