The FBI has issued an alert warning users to reboot, update and secure their routers as a precaution against a widespread, foreign state-sponsored malware attack.
VPNFilter is believed by the Federal Bureau of Investigation to have been created by the Russian group known as APT28, state-sponsored hackers also tracked as "Sofacy" or "Fancy Bear", who are believed to have run various election-related cyber-campaigns during the 2016 US presidential election season; the group is thought to be directed by Russia's military intelligence agency. According to Cisco's Talos cyber-intelligence unit, the malware can inspect traffic passing through an infected router and collect credentials and other private data that consumers send to websites.
The authorities recommend that users restart their home routers by unplugging them and plugging them back in. That is a reboot, not a factory reset: in most cases it clears the malware's later stages from memory, but there is no guarantee the device is clean afterwards, because the first stage survives on the device and can reload the rest. "Your devices can be used to attack our infrastructure".
VPNFilter, a newly identified malware family, is estimated to have infected more than 500,000 devices in over 54 countries around the world.
Talos's analysis noted significant overlap between VPNFilter's code and that of BlackEnergy, malware used in earlier attacks on targets in Ukraine. The FBI's public alert itself did not name the actor or speculate on its motives; the attribution to the Sofacy group comes from the Justice Department's court filing supporting the domain seizure.
VPNFilter is built in three stages, and the difference between them matters for cleanup. Stage 1 is the only part that survives a reboot; its job is to persist on the device and locate the server that delivers stage 2. Stage 2 is the main payload, with file collection, command execution, data exfiltration and device management, and some builds include a self-destruct routine that overwrites part of the firmware and reboots, "bricking" the device. Stage 3 consists of plug-in modules for stage 2, among them a packet sniffer that watches traffic moving through the router and a module that communicates over Tor. Stages 2 and 3 live only in memory, so a reboot clears them, but stage 1 remains and can fetch them again. Talos's recommendation for fully cleaning a device is to restore it to factory defaults and then install the vendor's latest firmware.
The F.B.I. has made an urgent request that anyone with a potentially affected device reset their router. At minimum, reboot the device: this temporarily disrupts the malware if it is present, since the stages that do the damage do not survive a restart.
The U.S. government says it has seized a key web domain, toknowall.com, which the malware's first stage contacted to find the server that delivers the later stages. With the domain under FBI control, infected devices that reboot and call home reveal themselves to investigators instead of reaching the attackers' infrastructure, which is one reason the reboot request was made. Internet service providers should also work closely with customers to ensure that the routers in use are updated with current security fixes.
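For network defenders, the seized domain is the one concrete indicator the article gives. The following script is an added example, not code from the article, the FBI or Talos: it scans DNS resolver logs for lookups of toknowall.com and, given the time a device was rebooted, flags devices that look the domain up again afterwards, which is the sign that stage 1 is still on the device. The log format (a simplified dnsmasq-style line), the log lines, the client addresses and the reboot times are all constructed for illustration.

```python
"""
Added example (not from the article, nor the FBI's or Talos's code): flag hosts
that resolve the seized VPNFilter domain named in the article, toknowall.com,
by scanning DNS resolver logs. Log lines and client addresses are constructed;
the log format is a simplified dnsmasq-style layout assumed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# The only indicator taken from the article. Matching is on the exact name or a
# subdomain of it so that "nottoknowall.com" does not trigger a false positive.
SEIZED_DOMAIN = "toknowall.com"

# Constructed sample resolver log (not real traffic). Assumed format:
# "<ISO timestamp> query[<type>] <name> from <client-ip>"
SAMPLE_LOG = """\
2018-05-24T08:01:12 query[A] www.example.org from 192.0.2.10
2018-05-24T08:01:40 query[A] toknowall.com from 192.0.2.23
2018-05-24T08:02:05 query[A] photos.example.net from 192.0.2.23
2018-05-24T08:03:33 query[A] nottoknowall.com from 192.0.2.44
2018-05-24T08:04:17 query[A] cdn.toknowall.com from 192.0.2.23
2018-05-25T09:15:02 query[A] toknowall.com from 192.0.2.23
2018-05-25T09:16:45 query[A] www.example.org from 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def is_indicator(name: str) -> bool:
    """True if name is the seized domain or a subdomain of it (case-insensitive)."""
    name = name.lower().rstrip(".")
    return name == SEIZED_DOMAIN or name.endswith("." + SEIZED_DOMAIN)


def scan_dns_log(text: str) -> dict:
    """Return {client_ip: [query timestamps]} for every lookup of the indicator."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        if is_indicator(m.group("name")):
            hits[m.group("client")].append(datetime.fromisoformat(m.group("ts")))
    return dict(hits)


def persisted_after_reboot(hits: dict, reboots: dict) -> list:
    """Clients that looked up the indicator again after their recorded reboot.

    A reboot clears VPNFilter's stage 2 and 3 from memory, but stage 1 survives
    and calls out again to fetch them, so a post-reboot lookup is evidence that
    the device still carries stage 1 and needs a factory reset plus a firmware
    update. `reboots` maps client IP -> ISO timestamp of the reboot (constructed).
    """
    flagged = []
    for ip, times in hits.items():
        if ip not in reboots:
            continue
        rebooted_at = datetime.fromisoformat(reboots[ip])
        if any(t > rebooted_at for t in times):
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for ip, times in found.items():
        print(f"{ip}: {len(times)} lookups of {SEIZED_DOMAIN}, first {times[0]:%Y-%m-%d %H:%M}")
    # Constructed: 192.0.2.23 was power-cycled late on 24 May; it still calls out on 25 May.
    reboots = {"192.0.2.23": "2018-05-24T23:00:00"}
    print("still calling out after reboot:", persisted_after_reboot(found, reboots))
```

Run against real resolver or firewall logs, adjust LINE_RE to the actual log layout; the matching logic in is_indicator is what matters, and it deliberately anchors on the domain label boundary rather than a substring search. A device that shows up in the post-reboot list should be treated as still infected at stage 1 and restored to factory defaults before its firmware is updated.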