The Federal Bureau of Investigation (FBI) has issued a warning urging all Americans to turn their routers off and back on in order to disrupt dangerous and sophisticated Russian malware, the New York Times reports.
Capable of collecting information and blocking website traffic, the malware the Russians have deployed has already affected at least 500,000 routers in 54 countries, according to an analysis by Talos, Cisco’s threat intelligence division.
Rebooting the router will, the FBI says, disrupt the malware if it is present. The agency has also urged users to upgrade their router firmware, change passwords, and disable remote-management settings where they are enabled.
According to the Justice Department, the Russian Sofacy Group, which has already taken control of hundreds of thousands of devices, is believed to be directed by Russia’s military intelligence agency. The same group is believed to be behind the 2016 DNC hack.
Designed to disrupt the 2016 presidential election, the 2016 hack of the Democratic Party gave the Russians access to private information, including emails that were later leaked to the public via DCLeaks and WikiLeaks.
Among other things, the leaked contents suggested the party’s leadership had worked to sabotage Bernie Sanders’ presidential campaign. These revelations prompted the resignation of DNC chair Debbie Wasserman Schultz, according to the New York Times.
In April this year, as the Washington Post reported, the Democratic National Committee filed a multi-million-dollar lawsuit against the Russian government, the Trump campaign, and WikiLeaks, alleging a conspiracy to disrupt the 2016 election and prevent Hillary Clinton from winning.
It seems the Russians have not backed down. To disrupt and combat Russia’s newest cyber attack, the FBI has seized toknowall.com, a web domain the agency believes was a key part of the new malware’s “command-and-control infrastructure.”
Apart from helping the FBI soften the blow of the attack, seizing the domain will assist the agency in identifying victim devices.
Talos, which analysed the malware’s impact, said this is the same malware previously used in large-scale attacks in Ukraine. Apart from blocking website traffic and allowing the attackers to collect personal information, the malware can severely compromise the router, cutting off internet access in the process.
According to Ars Technica, although the FBI has seized the domain thought to be a key part of this cyber-warfare operation, the malware may still survive: the attackers may have already captured the IP addresses of infected devices, which means they could regain control over them.