Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 7 submissions in the queue.

Submission Preview

Link to Story

Chinese malware removed from SOHO routers after FBI issues covert commands

Accepted submission by Freeman at 2024-02-01 16:40:17 from the all your pixels belong to us dept.
News

Freeman [soylentnews.org] writes:

https://arstechnica.com/security/2024/01/chinese-malware-removed-from-soho-routers-after-fbi-issues-covert-commands/ [arstechnica.com]

The US Justice Department said Wednesday that the FBI surreptitiously sent commands to hundreds of infected small office and home office routers to remove malware China state-sponsored hackers were using to wage attacks on critical infrastructure.

The routers—mainly Cisco and Netgear devices that had reached their end of life—were infected with what’s known as KV Botnet malware, Justice Department officials said [justice.gov].
[...]
"To effect these seizures, the FBI will issue a command to each Target Device to stop it from running the KV Botnet VPN process," an agency special agent wrote in an affidavit [justice.gov] dated January 9. “This command will also stop the Target Device from operating as a VPN node, thereby preventing the hackers from further accessing Target Devices through any established VPN tunnel.
[...]
The takedown disclosed Wednesday isn’t the first time the FBI has issued commands to infected devices without the owners’ knowledge ahead of time. In 2021, authorities executed [justice.gov] a similar action to disinfect Microsoft Exchange servers that had been compromised by a different China-state group tracked as Hafnium.
[...]
In 2018, researchers reported that more than 500,000 SOHO routers had been compromised [arstechnica.com] by sophisticated malware [arstechnica.com] dubbed VPNFilter. The mass hack was later revealed to be an operation by a Russian-state group tracked as Sofacy. In that event, the FBI issued an advisory urging people to restart their routers [arstechnica.com] to remove any possible infections. The agency also seized [arstechnica.com] a domain used to control VPNFilter.
[...]
This month’s takedown comes as the Chinese government has stepped up attacks in recent years to compromise routers, cameras, and other network-connected devices to target critical infrastructure.
[...]
The US Cybersecurity and Infrastructure Agency warned [arstechnica.com] of the trend in May last year. Researchers in the private sector have issued similar warnings [arstechnica.com].

Previously on SoylentNews:
Backdoored Firmware Lets China State Hackers Control Routers With “Magic Packets” [soylentnews.org] - 20230930
Microsoft Comes Under Blistering Criticism for "Grossly Irresponsible" Security [soylentnews.org] - 20230805
Malware Turns Home Routers Into Proxies for Chinese State-Sponsored Hackers [soylentnews.org] - 20230518
US Warns of Govt Hackers Targeting Industrial Control Systems [soylentnews.org] - 20220415
State Hackers Breach Defense, Energy, Healthcare Orgs Worldwide - 20211111 [soylentnews.org]
Microsoft Exchange Server Zero Day Hack Roundup [soylentnews.org] - 20210316
Breached Water Plant Employees Shared Same Password, No Firewall [soylentnews.org] - 20210211
Iranian Spies Accidentally Leaked Videos of Themselves Hacking [soylentnews.org] - 20200716
Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App, Researchers Say [soylentnews.org] - 20200215
Microsoft Takes Court Action Against Fourth Nation-State Cybercrime Group [soylentnews.org] - 20191231

"state actors" search on SoylentNews for even more: https://soylentnews.org/search.pl?threshold=0&query=state+actors [soylentnews.org]

Original Submission