FBI Seizes Domain To Thwart VPNFilter Attack On Ukraine

CyberCrimeSecuritySecurity Management

DDoS denial. Feds seize control of domain that communicates with home routers infected with malware

The US FBI has seized control of a web domain to thwart a potential cyber-attack on Ukraine ahead of the Champions league final on Saturday.

The imminent cyber-attack, dubbed VPNFilter malware by researchers at Cisco’s Talos computer security unit, was being blamed on the Russian government.

This because the malware shares code with malware previously used in cyber-attacks which the US government has attributed to Moscow.

Russian internet © Pavel Ignatov Shutterstock 2012

FBI seizure

On Thursday Cisco warned that VPNFilter has infected at least half a million routers and storage devices in dozens of countries.

The malware is capable of monitoring internet traffic, to obtain sensitive details such as login credentials, as well as initiating destructive attacks on industrial networks.

The VPNFilter malware seemed to be targetting the Ukraine with another cyber-attack. This country has suffered previous malware outbreaks, which in turn have spread worldwide, including the June 2017 “NotPetya” attack that UK and US officials said was the most destructive cyber-incident to date.

But now according to the BBC, the FBI seized a website that was helping communicate with home routers infected with malware that would carry out the digital bombardment.

The FBI is now trying to clean up infected machines, after it was granted a court order earlier this week.

This court ruling ordered website registrar Verisign to hand over control of the ToKnowAll.com domain to the FBI.

It seems that infected routers and storage devices regularly contacted that domain in order to update the malware with which they were infected.

But by seizing control of the domain, the FBI is be able to log the location of infected machines and co-ordinate efforts to clean them up.

Russian denial

The state-sponsored group known as Sofacy/Fancy Bear has been identified as both developing the malware and preparing the attack.

“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes,” John Demers, assistant attorney general for National Security, is quoted as saying in a statement.

Russia has denied an allegation by Ukraine that Russia was planning a cyber-attack on the country. Russia has also this week denied an international investigation that concluded that a Russian military missile had shot down flight MH17 over eastern Ukraine in 2014, killing all 298 people aboard.

Cisco meanwhile has warned that the malware includes a “kill” switch, which could render devices unusable if it were used.

A reboot of infected devices is not enough.

To clear the infection, users have to restore the devices to their initial factory settings. Users are also being urged to update the firmware on their routers.

In March this year a leading American General slammed the ability of the United States to effectively combat Russia’s cyber threats.

Army General Curtis Scaparrotti, who is also NATO’s Supreme Allied Commander in Europe, told a US Senate Armed Services Committee hearing that the US government did not have an effective unified approach to deal with Russia’s cyber threat.

Do you know all about security? Try our quiz!

Read also :

Author: Tom Jowitt
Click to read the authors bio  Click to hide the authors bio