According to an analysis by Cisco, hundreds of thousands of routers, including Netgear devices, were found to be infected by malware linked to the hacking group known as ‘Fancy Bear’.
Hoping to thwart a sophisticated malware system linked to Russia that has already infected hundreds of internet routers, authorities are now turning their attention to the Netgear mesh system.
The F.B.I. has made an urgent request that owners reconfigure their Netgear extender setup.
According to Cisco's announcement on Friday, the malware is capable of blocking web traffic, collecting the data and information that passes through Netgear and other standard routers, and disabling the device entirely.
The Justice Department said that a global network of routers is already under the control of the Sofacy Group, also known as A.P.T. 28 and Fancy Bear, which American and European intelligence agencies believe is directed by Russia’s military intelligence agency.
The F.B.I. has several recommendations for owners of a wireless router. The easiest and most effective step is to reboot the Netgear device, which temporarily disrupts the A.P.T. 28 malware if it is present. Users are also advised to upgrade the Netgear firmware and to choose a new password (it must contain at least one capital letter, one number and one special character, and be at least 8 characters long). If any remote access settings are enabled, the F.B.I. suggests disabling them.
Steps to Update Netgear Router Firmware Version
- Ensure that you have a strong internet connection.
- Connect your Netgear to your modem.
- Connect your computer to the modem.
- Open any web browser on your computer.
- Visit mywifiext.net.
- Enter the default Netgear router login credentials.
- Hit on the ‘Log In’ button.
- Click on the ‘Check Firmware Update’ option.
- If any latest firmware version is available, it will automatically download and install.
- Once done, try to restart your Netgear router.
According to research by Talos, Cisco's threat intelligence division, nearly 500,000 routers in about 54 countries have already been infected by the malware, which the F.B.I. and cybersecurity researchers call VPNFilter. The affected networking equipment (routers, extenders and bridges) identified during the research came from Netgear, Linksys, TP-Link, and MikroTik.
The Justice Department sought and received permission to seize the toknowall.com web domain in order to disrupt the Sofacy network. The domain was found to be a critical part of the malware’s command-and-control infrastructure. Now that the domain is under F.B.I. control, any attempt by the malware on an infected router to contact it is redirected to an F.B.I. server, which records the I.P. address of the affected router.
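The sinkhole described above gives the F.B.I. a list of infected routers, but a network administrator can apply the same idea locally: any device on the LAN that looks up the seized domain is a candidate for the reboot, firmware update and password change the article recommends. The following is an added example, not code from the article or from Cisco, the F.B.I. or Netgear; it scans resolver log lines in a dnsmasq-style format (the log lines and the client addresses are constructed for this example) for lookups of toknowall.com, the only domain the article names, and reports which clients asked for it.

```python
"""Flag LAN clients that resolved the VPNFilter C2 domain named in the article.

Added example, not part of the original article. It scans constructed
DNS resolver log lines for lookups of toknowall.com (the domain the
article says was seized and sinkholed) and reports the client addresses
that asked for it, so a defender can find routers that may be infected.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Domain the article reports as part of the malware's C2 infrastructure.
C2_DOMAINS = {"toknowall.com"}

# Constructed sample log lines in a dnsmasq-like format (made up for this example;
# the timestamps, process id and client addresses are not real data).
SAMPLE_LOG = """\
May 25 10:01:12 dnsmasq[812]: query[A] toknowall.com from 192.168.1.1
May 25 10:01:13 dnsmasq[812]: query[A] example.org from 192.168.1.23
May 25 10:05:40 dnsmasq[812]: query[A] www.toknowall.com from 192.168.1.1
May 25 10:07:02 dnsmasq[812]: query[AAAA] cdn.example.net from 192.168.1.40
"""

# Matches "query[<type>] <name> from <client>" as dnsmasq logs it with log-queries on.
LINE_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")


def is_c2_lookup(name: str) -> bool:
    """True if the queried name is a known C2 domain or a subdomain of one."""
    name = name.rstrip(".").lower()  # normalise trailing dot and case
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def find_suspect_clients(log_text: str) -> Dict[str, List[str]]:
    """Map each client address that queried a C2 domain to the names it asked for."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and is_c2_lookup(m.group("name")):
            hits[m.group("client")].append(m.group("name"))
    return dict(hits)


if __name__ == "__main__":
    for client, names in find_suspect_clients(SAMPLE_LOG).items():
        print(f"{client}: queried {', '.join(names)}; "
              "reboot the device, update its firmware and change its password")
```

Run against a real resolver log, the script only flags the client that made the lookup; on a home network where the router itself is the resolver's client, the flagged address is the router's LAN address, which is exactly the device the article's recommendations apply to.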
Scott W. Brady, United States attorney, stated that the court-ordered seizure will assist in the identification of victim routers and disrupt the ability of these hackers to steal confidential and other sensitive data and carry out massive disruptive cyberattacks.
The Talos research noted significant overlaps between VPNFilter’s code and versions of the “BlackEnergy” malware, which was responsible for large-scale attacks that targeted routers in Ukraine.
The malware has a destructive capability that can render any infected router unusable, and it can be triggered on individual victim machines or en masse.