Malware for your router... wow, they are getting fucking creative. Basically if you have any of the wifi routers below, reboot them immediately and reset them to default asap. Then change any passwords you've been using. This malware installs a VPN on your router which then redirects all network traffic through its servers to sniff out usernames and passwords. It also has a self-destruct feature to brick the device... incredible.
Definitely seems to be nation-developed as opposed to a random hacker... so this is a pretty sophisticated attack.
“The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices,” Talos said in the report. The malware is not known to have infected other types of routers, though they may be susceptible, and it appears to avoid IoT devices, which typically purge malware when rebooted.
**Impacted Models:**
* Linksys E1200
* Linksys E2500
* Linksys WRVS4400N
* Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
* Netgear DGN2200
* Netgear R6400
* Netgear R7000
* Netgear R8000
* Netgear WNR1000
* Netgear WNR2000
* QNAP TS251
* QNAP TS439 Pro
* Other QNAP NAS devices running QTS software
* TP-Link R600VPN
**Q: If I own an affected device, what should I do?**
A: Users of affected devices are advised to reboot them immediately. If the device is infected with VPNFilter, rebooting will remove Stage 2 and any Stage 3 elements present on the device. This will (temporarily at least) remove the destructive component of VPNFilter. However, if infected, the continuing presence of Stage 1 means that Stages 2 and 3 can be reinstalled by the attackers. (Edit: FBI already seized control of the domain so this won't happen.)
You should then apply the latest available patches to affected devices and ensure that none use default credentials.
**Q: If Stage 1 of VPNFilter persists even after a reboot, is there any way of removing it?**
A: Yes. Performing a hard reset of the device, which restores factory settings, should wipe it clean and remove Stage 1. With most devices this can be done by pressing and holding a small reset switch when power cycling the device. However, bear in mind that any configuration details or credentials stored on the router should be backed up as these will be wiped by a hard reset.
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://gizmodo.com/nation-state-hackers-could-self-destruct-half-a-million-1826276031