ANCHORAGE (KTUU) — The FBI issued an urgent request for anyone with a small office or home router: Reboot that equipment to help thwart a massive cyber attack on network-connected devices.
"Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide," the FBI wrote in a public service advisory this past week. "The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic."
Last week, the Dept. of Justice announced the seizure of an internet domain at the center of the Kremlin-backed botnet believed to have compromised more than half a million small business and home office network routers around the world. The DOJ said the move was meant to cut off the flow of communications from infected devices to the command and control server operated by the Russian cyber actors. Compromised devices, however, remain infected.
"This court-ordered seizure will assist in the identification of victim devices, and disrupts the ability of these hackers to steal personal and other sensitive information and carry out disruptive cyber attacks," said Scott Brady, U.S. Attorney for the Western District of Pennsylvania.
When restarted, compromised routers will attempt to contact the Russian-backed web domain — now controlled by the FBI — which previously would have downloaded a malicious payload to reinfect the router. Now, those attempts will be redirected to the FBI-controlled server, which will help identify infected devices.
"Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure," the DOJ said in the statement.
After restarting your router, the FBI recommends creating a strong password. Most devices in homes and businesses come equipped with default credentials, which are easily stolen by hackers.
The FBI also recommends disabling remote management settings, enabling encryption, and upgrading your device's firmware. For device-specific instructions on securing your router, contact your internet service provider.
A full list of compromised routers can be found here.