FBI says Russia’s Fancy Bear was behind VPN Filter malware attack

    The United States Federal Bureau of Investigation (FBI) made a public announcement on Friday stating that owners of all routers operating in small offices and homes have to restart their devices in order to shake off the after-effects of the VPN Filter malware attack.

    The statement specifies that hackers funded by a nation have succeeded in compromising thousands of routers and networked devices operating worldwide. The infected devices were capable of collecting data that passes through them and were also in a position to launch denial-of-service attacks.

    Although the number of Americans affected by this hack was not specifically mentioned, the alert posted on the FBI’s Internet Crime Complaint Center website describes it as ‘significant’.

    The FBI hints in its post that the VPN Filter malware attack could be the work of Sofacy Group, also referred to as APT28, Sandworm, X Agent, Pawn Storm, Fancy Bear and Sednit.

    According to the Department of Justice, Fancy Bear is a hacker group that is funded by Russia and acts on the orders of Russian President Vladimir Putin and his staff in the intelligence wing.

    In early 2017, a joint probe by the CIA in association with the FBI revealed that Sofacy Group targeted the Democratic National Committee during the 2016 US presidential campaign and was also involved in realizing the political objectives of Mr. Putin to see Donald Trump as US President instead of Hillary Clinton.

    It is believed that Fancy Bear has succeeded in infecting devices with malware called VPNFilter in more than 50 countries, with the most immediate target believed to have been Ukraine’s UEFA Champions League Final.

    VPNFilter malware is said to have targeted routers produced by several manufacturers including Linksys, MikroTik, Netgear Inc, TP-Link, and QNAP, according to a discovery made by researchers at Cisco Talos.

    The FBI is yet to release confirmed details on how the said malware infiltrated the routers and some storage devices.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
