Hackers infect 500,000 consumer routers all over the world with malware

by
Dan Goodin
from Ars Technica - All content on (#3QW3B)
linksys-wrvs4400n.jpg

Enlarge / A Linksys WRVS4400N, one of more than a dozen network devices targeted by VPNFilter. (credit: Linksys)

Hackers possibly working for an advanced nation have infected more than 500,000 home and small-office routers around the world with malware that can be used to collect communications, launch attacks on others, and permanently destroy the devices with a single command, researchers at Cisco warned Wednesday.

VPNFilter-as the modular, multi-stage malware has been dubbed-works on consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link, and on network-attached storage devices from QNAP, Cisco researchers said in an advisory. It's one of the few pieces of Internet-of-things malware that can survive a reboot. Infections in at least 54 countries have been slowly building since at least 2016, and Cisco researchers have been monitoring them for several months. The attacks drastically ramped up during the past three weeks, including two major assaults on devices located in Ukraine. The spike, combined with the advanced capabilities of the malware, prompted Cisco to release Wednesday's report before the research is completed.

Update: FBI agents have seized a key server used in the attack. The agents said Russian-government hackers used ToKnowAll.com as a backup method to deliver a second stage of malware to already-infected routers.

Read 16 remaining paragraphs | Comments

index?i=TFvMZWv4rKc:_al132RiN7A:V_sGLiPB index?i=TFvMZWv4rKc:_al132RiN7A:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments