
Source: boonchai wedmakawand / Getty

The FBI is under intense scrutiny by President Donald Trump, but the organization is still on the job when it comes to stopping Russian hacking groups from threatening the world.

The FBI seized a domain called ToKnowAll[.]com reportedly linked to a Russian botnet composed of 500,000 infected routers all over the world. In a statement, the Department of Justice said the botnet (a group of computers infected with malware) was under the control of the infamous hacking group “Fancy Bear,” also known as “Sofacy,” the same group authorities believe was behind the hacking of the Democratic National Committee during the 2016 presidential election.

The malware reportedly used by Sofacy is called “VPNFilter,” and it was used to infect and exploit vulnerabilities in home office routers from manufacturers NETGEAR, Linksys, MikroTik, TP-Link, and QNAP. Here is how the malware did its malicious work, according to The Daily Beast’s exclusive report:

“That code is programmed to connect over the Internet to a command-and-control infrastructure set up by the hackers. First, it checks for particular images hosted on Photobucket.com that held hidden information in the metadata. If it can’t find those images—which have indeed been removed from Photobucket—it turns to an emergency backup control point at the hard-coded web address ToKnowAll[.]com.”

Now that the FBI has seized the domain, it has effectively killed the malware’s ability to reactivate following a reboot. In a statement to The Daily Beast, Symantec technical director Vikram Thakur says, “One of the things they can do is keep track of who is currently infected and who is the victim now and pass that information to the local ISPs. Some of the ISPs have the ability to remotely restart the router. The others might even send out letters to the home users urging them to restart their devices.”
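The fallback behavior described in the quote above is also what makes an infection visible to network defenders: a router that has lost its Photobucket control channel will try to resolve the hard-coded domain by name, so the lookup shows up in DNS logs. The following Python script is an added example, not code from the article, the FBI, or Symantec; it shows how a resolver operator could triage a query log for that indicator and produce the per-client list of likely-infected devices that Thakur describes handing to ISPs. The log format (`timestamp client_ip qname`) and the sample lines are assumptions constructed for this example.

```python
"""Flag DNS clients that queried the seized VPNFilter fallback domain.

Added example; not code from the article or from any organization it cites.
The log format is an assumed, constructed one: "<timestamp> <client_ip> <qname>".
"""
import re
from collections import defaultdict

# Indicator taken from the article, kept defanged so it is not a live link.
DEFANGED_IOCS = ["ToKnowAll[.]com"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'example[.]com' into a matchable name."""
    return indicator.replace("[.]", ".").lower().rstrip(".")


def build_matcher(defanged):
    """Compile a regex matching each indicator domain and any of its subdomains."""
    names = {refang(i) for i in defanged}
    pattern = "|".join(re.escape(n) for n in names)
    # Anchor on a label boundary so 'nottoknowall.com' is not a false positive.
    return re.compile(rf"(?:^|\.)(?:{pattern})$", re.IGNORECASE)


def find_infected_clients(log_lines, defanged=DEFANGED_IOCS):
    """Return {client_ip: [queried names]} for clients that hit an indicator."""
    matcher = build_matcher(defanged)
    hits = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line under the assumed format; skip it
        _timestamp, client, qname = parts[0], parts[1], parts[2]
        qname = qname.rstrip(".").lower()  # normalize trailing dot and case
        if matcher.search(qname):
            hits[client].append(qname)
    return dict(hits)


# Constructed sample resolver log; these are documentation addresses, not real traffic.
SAMPLE_LOG = [
    "2018-05-23T10:00:01Z 192.0.2.10 www.example.com.",
    "2018-05-23T10:00:02Z 192.0.2.10 toknowall.com.",
    "2018-05-23T10:00:03Z 192.0.2.11 photobucket.com.",
    "2018-05-23T10:00:04Z 192.0.2.12 TOKNOWALL.COM",
    "2018-05-23T10:00:05Z 192.0.2.13 nottoknowall.com.",  # look-alike, must not match
]

if __name__ == "__main__":
    for client, names in sorted(find_infected_clients(SAMPLE_LOG).items()):
        print(f"{client}: {', '.join(names)}")
```

A hit means the device attempted the fallback channel, which per the article is the reactivation path after a reboot; the remediation the article gives for those devices is a restart followed by a firmware update. Queries to photobucket.com are deliberately not flagged, since that is a legitimate service the malware merely abused.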

A massive threat has been thwarted, but router manufacturers are still urging customers in 54 countries, including the United States, to reboot their routers and install the latest firmware to patch the vulnerability.
