500,000 Routers In 54 Countries Hacked To Create Massive Botnet Army


The Cisco security research team has unearthed a hacking attack that targets more than 500,000 consumer Wi-Fi routers. These infected routers can be used to create a massive botnet army and launch a heavyweight cyberattack.

As per the findings, this attack seems to be the work of a state-sponsored actor. The malware used to infect the devices has been named VPNFilter. Because it shares a lot of code with the BlackEnergy malware used in large-scale attacks on Ukraine, it could be tied to the Russian government.

It’s worth noting that the Cisco report didn’t directly name Russia, but the code overlap certainly hints at it. In a related development, the FBI has seized an important server used in the attack. According to the agents, the server, ToKnowAll.com, was being used by Russian hackers to deliver the second-stage malware.

Coming back to the currently infected routers, the devices come from major vendors, including TP-Link, NETGEAR, Linksys, and MikroTik.

The VPNFilter malware responsible for the attack is particularly concerning as it contains code to steal website credentials and make the infected router unusable. Moreover, it has “the potential of cutting off internet access for hundreds of thousands of victims worldwide.”

This multistage, modular malware platform persists through a reboot in its initial stage. In the second stage, it uses several different command-and-control mechanisms to find the IP address of the stage 2 deployment server and proceeds with intelligence collection; it also has a self-destruct capability. The stage 3 modules act as plugins for the stage 2 malware.
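The one concrete indicator this article gives a defender is the stage 2 deployment domain seized by the FBI, ToKnowAll.com. Below is an added example (not code from the article or from Cisco's report) showing how a network operator might sweep a DNS resolver's query log for lookups of that domain, which on a home or office network would point at the device that issued the query. The log lines are constructed in a BIND-style query-log format and the client addresses are invented for illustration; the matching is exact-domain or subdomain, so a look-alike name such as nottoknowall.com does not trigger a hit.

```python
import re
from typing import Dict, Iterable, List, Optional, Set

# Stage 2 deployment domain named in the article (seized by the FBI).
# Any further indicators would come from the vendor's report, not from here.
KNOWN_C2_DOMAINS: Set[str] = {"toknowall.com"}

# Constructed sample lines in a BIND-style query-log format (not real traffic).
# 192.168.1.1 is assumed to be the router's own LAN address; a router that
# resolves the C2 name itself is exactly what a stage 1 infection would look like.
SAMPLE_DNS_LOG = """\
22-May-2018 10:15:01.123 queries: info: client 192.168.1.20#51234: query: www.example.com IN A + (192.168.1.1)
22-May-2018 10:15:07.456 queries: info: client 192.168.1.1#40001: query: ToKnowAll.com. IN A + (192.168.1.1)
22-May-2018 10:15:09.789 queries: info: client 192.168.1.31#53002: query: cdn.toknowall.com IN AAAA + (192.168.1.1)
22-May-2018 10:15:12.000 queries: info: client 192.168.1.20#51240: query: nottoknowall.com IN A + (192.168.1.1)
"""

# Pulls the querying client, the queried name and the record type out of a line.
QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot so comparisons are stable."""
    return name.rstrip(".").lower()


def matches_indicator(qname: str, indicators: Iterable[str]) -> Optional[str]:
    """Return the indicator domain that qname equals or is a subdomain of, else None."""
    name = normalize(qname)
    for ind in indicators:
        ind = normalize(ind)
        # Require a label boundary: "cdn.toknowall.com" matches, "nottoknowall.com" does not.
        if name == ind or name.endswith("." + ind):
            return ind
    return None


def scan_dns_log(lines: Iterable[str], indicators: Iterable[str] = KNOWN_C2_DOMAINS) -> List[Dict[str, str]]:
    """Return one record per query that resolves a known C2 domain or a subdomain of it."""
    indicators = set(indicators)
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line; skip
        ind = matches_indicator(m["qname"], indicators)
        if ind is not None:
            hits.append({
                "client": m["client"],
                "qname": m["qname"],
                "qtype": m["qtype"],
                "indicator": ind,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"{hit['client']} looked up {hit['qname']} ({hit['qtype']}) -> matches {hit['indicator']}")
```

In practice the indicator set would be loaded from the vendor's published list rather than hard-coded, and a hit from the router's own address (as opposed to a LAN host behind it) is the case worth escalating, since stage 1 runs on the router itself.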

The most probable cause of the malware's spread is the lack of proper authentication and the use of default credentials on the routers. While Cisco refrains from confirming the particular exploit, the lack of basic security measures on home and office routers seems to be the reason.

Adarsh Verma