Late last week, the Federal Bureau of Investigation (FBI) issued a warning to U.S. consumers that Russian hackers (dubbed Sofacy and a/k/a Fancy Brear and APT28, and believed to be backed by the Russian government) had compromised “hundreds of thousands” of home and office routers through malware known as VPNFilter in order to collect information by hijacking the devices and shutting down network traffic. VPNFilter can steal data or order routers to self-destruct.
The warning was on the heels of approval by a court for the FBI to seize a website that was being planned to deliver instructions to the hijacked routers. According to the FBI, “the size and scope of the infrastructure impacted by VPNFilter malware is significant.” It is estimated that the malware has infected 500,000 devices in 54 countries, including the U.S.
Cisco issued its own warning, saying that the malware has affected broadband routers and Wi-Fi devices from Linksys, TP-Link and Negear.
Therefore, the FBI is urging owners of small office and home routers to reboot the devices, and to download patches and software updates to eradicate the malware. Symantec notes that VPNFilter is very difficult to remove and can turn up after a reboot of the device, so it suggests a hard reset of the device to factory settings to remove the malware.