VPN Filter malware
VPN Filter, a sophisticated piece of malware, uses known vulnerabilities to infect routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link. Once installed, the malware uses a central infrastructure to install specialized plug-ins on the router. One plug-in allows hackers to listen to their victims’ Internet traffic to steal their Web identifiers; another targets a protocol used in industrial control networks, such as in the power grid. A third plug-in allows attackers to paralyze any or all infected hardware. Together, the infected units in dozens of countries make up a 500,000-router-strong botnet controlled by a Russian hacker group called Sofacy. However, the FBI has likely dealt a fatal blow to the botnet by erasing Photobucket photos whose metadata was being used by VPN Filter, and by seizing the domain name of a backup infrastructure after a federal court judge ordered the transfer of the name by domain registrar Verisign.
⇨ Ars Technica, “Hackers infect 500,000 consumer routers all over the world with malware.”
⇨ Ars Technica, “FBI seizes domain Russia allegedly used to infect 500,000 consumer routers.”