Russian hackers could instantly cut off the internet for half a million people
'Both the scale and the capability of this operation are concerning'
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Russian hackers have infected more than half a million routers across 54 countries with sophisticated malware that contains a killswitch to instantly cut internet access to users, security researchers have revealed.
The VPNFilter malware also allows attackers to monitor the web activity of anyone using the routers, including the their passwords, potentially opening up the possibility of further hacks.
“Both the scale and capability of this operation are concerning,” William Largent, a researcher at the cybersecurity firm Talos, said in a blogpost describing the vulnerability.
“The destructive capability particularly concerns us. This shows that the actor is willing to burn users’ devices to cover up their tracks, going much further than simply removing traces of the malware.”
The malware has been attributed to a group of Russian hackers, who are variously known as Sofacy Group, Fancy Bear and Apt28. The group has been in operation since the mid-2000s and has previously been blamed for attacks ranging from the Ukrainian military to the 2017 French elections.
Security researchers tell The Independent that the discovery of the malware highlights a broader issue of how vulnerable internet-connected infrastructure is to cyber attacks.
“No longer can we afford to keep our critical infrastructure connected to, and therefore directly accessible to, the internet,” said Eric Trexler, vice president of global governments and critical infrastructure at cybersecurity firm Forcepoint.
“VPNFilter proves that time tested military techniques such as network segregation not only makes sense, but is required if we expect industrial services to remain resilient in the face of sophisticated and persistent attacks.”
Routers found to be vulnerable to the VPNFilter malware include Linksys, MikroTik, Netgear and TP-Link, all of which are often used in homes or small offices. The researchers say they have not yet completed their research but they are making it public now to draw attention to it.
“Defending against this threat is extremely difficult due to the nature of the affected devices,” Mr Largent said.
“The majority of them are connected directly to the internet, with no security devices or services between them and the potential attackers.”
The FBI responded to the revelations by granting court permission to seize a web domain believed to be in control of the Russian hackers.
“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” Assistant Attorney General for National Security John Demers said in a statement on Wednesday.
FBI Special Agent Bob Johnson added: “Although there is still much to be learned about how this particular threat initially compromises infected routers and other devices, we encourage citizens and businesses to keep their network equipment updates and to change default passwords.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments