SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Chinese Malware Removed From SOHO Routers After FBI Issues Covert Commands
Date    Friday February 02, @02:35AM
Author    janrinok
from the all-your-pixels-belong-to-us dept.
https://soylentnews.org/article.pl?sid=24/02/01/1918204

Freeman writes:

https://arstechnica.com/security/2024/01/chinese-malware-removed-from-soho-routers-after-fbi-issues-covert-commands/

The US Justice Department said Wednesday that the FBI surreptitiously sent commands to hundreds of infected small office and home office routers to remove malware China state-sponsored hackers were using to wage attacks on critical infrastructure.

The routers—mainly Cisco and Netgear devices that had reached their end of life—were infected with what's known as KV Botnet malware, Justice Department officials said.

[...] "To effect these seizures, the FBI will issue a command to each Target Device to stop it from running the KV Botnet VPN process," an agency special agent wrote in an affidavit dated January 9. "This command will also stop the Target Device from operating as a VPN node, thereby preventing the hackers from further accessing Target Devices through any established VPN tunnel."

[...] The takedown disclosed Wednesday isn't the first time the FBI has issued commands to infected devices without the owners' knowledge ahead of time. In 2021, authorities executed a similar action to disinfect Microsoft Exchange servers that had been compromised by a different China-state group tracked as Hafnium.

[...] In 2018, researchers reported that more than 500,000 SOHO routers had been compromised by sophisticated malware dubbed VPNFilter. The mass hack was later revealed to be an operation by a Russian-state group tracked as Sofacy. In that event, the FBI issued an advisory urging people to restart their routers to remove any possible infections. The agency also seized a domain used to control VPNFilter.

[...] This month's takedown comes as the Chinese government has stepped up attacks in recent years to compromise routers, cameras, and other network-connected devices to target critical infrastructure. warned of the trend in May last year. Researchers in the private sector have issued similar warnings.

Previously on SoylentNews:
Backdoored Firmware Lets China State Hackers Control Routers With "Magic Packets" - 20230930
Microsoft Comes Under Blistering Criticism for "Grossly Irresponsible" Security - 20230805
Malware Turns Home Routers Into Proxies for Chinese State-Sponsored Hackers - 20230518
US Warns of Govt Hackers Targeting Industrial Control Systems - 20220415
State Hackers Breach Defense, Energy, Healthcare Orgs Worldwide - 20211111
Microsoft Exchange Server Zero Day Hack Roundup - 20210316
Breached Water Plant Employees Shared Same Password, No Firewall - 20210211
Iranian Spies Accidentally Leaked Videos of Themselves Hacking - 20200716
Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App, Researchers Say - 20200215
Microsoft Takes Court Action Against Fourth Nation-State Cybercrime Group - 20191231

"state actors" search on SoylentNews for even more: https://soylentnews.org/search.pl?threshold=0&query=state+actors


Original Submission

Links

  1. "Freeman" - https://soylentnews.org/~Freeman/
  2. "said" - https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical
  3. "affidavit" - https://www.justice.gov/opa/media/1336421/dl?inline
  4. "executed" - https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-effort-disrupt-exploitation-microsoft-exchange
  5. "compromised" - https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
  6. "sophisticated malware" - https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/
  7. "restart their routers" - https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/
  8. "seized" - https://arstechnica.com/information-technology/2018/05/fbi-seizes-server-russia-allegedly-used-to-infect-500000-consumer-routers/
  9. "similar warnings" - https://arstechnica.com/information-technology/2023/05/malware-turns-home-routers-into-proxies-for-chinese-state-sponsored-hackers/
  10. "Backdoored Firmware Lets China State Hackers Control Routers With "Magic Packets"" - https://soylentnews.org/article.pl?sid=23/09/30/1541245
  11. "Microsoft Comes Under Blistering Criticism for "Grossly Irresponsible" Security" - https://soylentnews.org/article.pl?sid=23/08/05/0050249
  12. "Malware Turns Home Routers Into Proxies for Chinese State-Sponsored Hackers" - https://soylentnews.org/article.pl?sid=23/05/18/1523208
  13. "US Warns of Govt Hackers Targeting Industrial Control Systems" - https://soylentnews.org/article.pl?sid=22/04/15/0033244
  14. "State Hackers Breach Defense, Energy, Healthcare Orgs Worldwide" - https://soylentnews.org/article.pl?sid=21/11/11/148237
  15. "Microsoft Exchange Server Zero Day Hack Roundup" - https://soylentnews.org/article.pl?sid=21/03/16/198256
  16. "Breached Water Plant Employees Shared Same Password, No Firewall" - https://soylentnews.org/article.pl?sid=21/02/11/215210
  17. "Iranian Spies Accidentally Leaked Videos of Themselves Hacking" - https://soylentnews.org/article.pl?sid=20/07/16/1743215
  18. "Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App, Researchers Say" - https://soylentnews.org/article.pl?sid=20/02/15/0726228
  19. "Microsoft Takes Court Action Against Fourth Nation-State Cybercrime Group" - https://soylentnews.org/article.pl?sid=19/12/31/093211
  20. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=62005

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Chinese Malware Removed From SOHO Routers After FBI Issues Covert Commands on 2024-05-28 04:51:57