Someone Has Infected At Least 500,000 Routers All Over The World And No One Knows Why
Unknown hackers have reportedly infected at least 500,000 routers and other network devices all over the world with sophisticated and potentially destructive malware—and the Ukrainian government believes Russian hackers may use this botnet in an attack ahead of the Champions League soccer final this week in Kiev.
On Wednesday, Cisco’s subsidiary Talos warned of this new malware campaign, dubbing it “VPNFilter” because that’s the name of the folder the malware creates and installs itself in on the infected devices. Talos researchers wrote that VPNFilter’s most dangerous feature is that it can make the devices it lives on completely unusable thanks to a “kill” command.
“If it suited their goals, this command could be executed on a broad scale, potentially rendering hundreds of thousands of devices unusable, disabling internet access for hundreds of thousands of victims worldwide or in a focused region where it suited the actor’s purposes,” the Talos report read.
VPNFilter can also be used to exfiltrate and monitor data that passes through the routers and to use the infected devices as infrastructure to launch other attacks, and it appears to be designed to target critical infrastructure, too. Talos researchers believe the hackers behind the malware may be planning to use the infected devices as a way to hide their tracks in future operations.