F.B.I.’s Urgent Request: Reboot Your Router

shmu26 (Thread author)
Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on.
The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday.
A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies.
The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the device’s firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.

F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware
 

upnorth (Moderator)
Instead of pointing to half-baked solutions for common users/citizens, the FBI should perhaps use their time, energy and taxpayers' money and simply enforce a pushed firmware upgrade from the router companies/vendors, or is that too complicated?
 

shmu26 (Thread author)
Instead of pointing to half-baked solutions for common users/citizens, the FBI should perhaps use their time, energy and taxpayers' money and simply enforce a pushed firmware upgrade from the router companies/vendors, or is that too complicated?
It's because rebooting is the quick fix. They just took down a big botnet, so anyone who reboots will immediately regain control of his network and computers.
 

upnorth (Moderator)
It's because rebooting is the quick fix. They just took down a big botnet, so anyone who reboots will immediately regain control of his network and computers.
I fully understand it's a quick fix, but I would guess any normal thinking person would restart a router, or at least the ISP's support would ask a user to do the same when they call and wonder why their connection suddenly doesn't work. A restart, as mentioned in the article/report, will not solve the actual issue, as that issue is clearly located within the companies'/vendors' poorly created products. A firmware upgrade would be an extremely much better fix and actually not impossible to push out, and the FBI could easily and quickly contact and inform the companies/vendors: do it or we will enforce it. I strongly doubt any company/vendor would want to risk another "Kaspersky" case.

Asking old grandma to upgrade a router's firmware is in general pretty pointless and just a waste of everyone's time, energy and money!
 

shmu26 (Thread author)
I fully understand it's a quick fix, but I would guess any normal thinking person would restart a router, or at least the ISP's support would ask a user to do the same when they call and wonder why their connection suddenly doesn't work. A restart, as mentioned in the article/report, will not solve the actual issue, as that issue is clearly located within the companies'/vendors' poorly created products. A firmware upgrade would be an extremely much better fix and actually not impossible to push out, and the FBI could easily and quickly contact and inform the companies/vendors: do it or we will enforce it. I strongly doubt any company/vendor would want to risk another "Kaspersky" case.

Asking old grandma to upgrade a router's firmware is in general pretty pointless and just a waste of everyone's time, energy and money!
Right.
The FBI probably wants those routers to remain vulnerable, for its own purposes.
 

codswollip
Actually... the Talos report recommends a router reset to factory settings, not simply a reboot... necessitating you to manually re-enter all your settings... yet this prevents exactly nothing short of a firmware update.

Also... for "compromised" routers, a reboot will notify the Fibbies of your router info, etc. Is this something helpful to the end user?
 

upnorth (Moderator)
Is there a list of routers affected by the malware? Or can any router be hit by the malware?
The following devices are known to be affected by this threat. Based on the scale of this research, much of our observations are remote and not on the device, so it is difficult to determine specific version numbers and models in many cases. It should be noted that all of these devices have publicly known vulnerabilities associated with them.

Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected.

LINKSYS DEVICES:

E1200
E2500
WRVS4400N

MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:

1016
1036
1072

NETGEAR DEVICES:

DGN2200
R6400
R7000
R8000
WNR1000
WNR2000

QNAP DEVICES:

TS251
TS439 Pro

Other QNAP NAS devices running QTS software

TP-LINK DEVICES:

R600VPN
Cisco's Talos Intelligence Group Blog: New VPNFilter malware targets at least 500K networking devices worldwide
 
ForgottenSeer 58943

This is scary! Hang on, let me reboot my router now..


Oh never mind. I think I am fine. Also, if anyone thinks rebooting their router will fix a botnet hijack, I have some ocean front property to sell for $1. Don't they actually mean RESET your router?

FBI these days.. Incredible.
 

vtqhtr413
This seems to me to be the most helpful comment here if you keep in mind that the threat group and their ability to reintroduce the bot have been eliminated. Once you reset the router you're good; no FBI edict (which, by the way, they have no authority to issue) nor an act of Congress is needed. I know this is a security forum, but that doesn't mean we should immediately assume a conspiracy (the same FBI that wants backdoors to anything that is digital). If all you have is a hammer then everything will look like a nail; that does not have to be our reality.

It's because rebooting is the quick fix. They just took down a big botnet, so anyone who reboots will immediately regain control of his network and computers.

Actually... the Talos reports recommends a router reset to factory settings, not simply a reboot... necessitating you to manually re-enter all your settings

The settings you speak of would only be adjusted by maybe 5% of the home users during installation if that.
 

Burrito
Here's the thing.... these are Russian state-sponsored hacker groups exploiting routers, switches, firewalls, and network intrusion detection systems belonging to government and private-sector organizations, as well as critical infrastructure providers, ISPs..

Some people are in denial about this.... Russia is hacking you.

Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.

The Russians have been using the Smart Install Exploitation Tool (SIET).

If you want some really good AV protection, Kaspersky is the best. Unless.... you don't want your computer to be a zombie for future attacks.... and you don't want periodic searches of your computers for tens of thousands of key terms of interest to the Russian state.

That is all.
 
ForgottenSeer 58943

Here's the thing.... these are Russian state-sponsored hacker groups exploiting routers, switches, firewalls, and network intrusion detection systems belonging to government and private-sector organizations, as well as critical infrastructure providers, ISPs..

Some people are in denial about this.... Russia is hacking you.

Totally correct in my experience. So much so, I've banned all Russian hardware/software from my home network and/or home devices. Ultimately, Russians are better than the Chinese at obfuscating their activities, but they are still conducting those activities.

I work from the assumption EVERYONE is hacking you. Russians, Chinese, US Govt... By working from that assumption I take proactive measures that are of ancillary benefit against all forms of hacking regardless of their sponsor.

If you want some really good AV protection, Kaspersky is the best. Unless.... you don't want your computer to be a zombie for future attacks.... and you don't want periodic searches of your computers for tens of thousands of key terms of interest to the Russian state. That is all.

Kaspersky through ADOBANAL extracts a LOT of information from your computer, and that extracted information is not secured. Kaspersky lets you know this in their privacy policy and also tells you it's not secure. Aside from that, I would agree that you are pretty much guaranteed to get key term sweeps on your machine with Kaspersky installed. We don't have any direct evidence of this happening... Err.. Wait, we do actually.. FSB utilized Kaspersky for key term sweeps and pre-encrypted extraction of data on a suspected spy's computer. That's well documented, which means they have the capability embedded in the product AND a willingness to use it.

My 2c.
 
