FBI Seizes Domain To Thwart VPNFilter Attack On Ukraine

The US FBI has seized control of a web domain to thwart a potential cyber-attack on Ukraine ahead of the Champions league final on Saturday.

The imminent cyber-attack, dubbed VPNFilter malware by researchers at Cisco’s Talos computer security unit, was being blamed on the Russian government.

This is because the malware shares code with malware previously used in cyber-attacks which the US government has attributed to Moscow.

FBI seizure

On Thursday Cisco warned that VPNFilter has infected at least half a million routers and storage devices in dozens of countries.

The malware is capable of monitoring internet traffic, to obtain sensitive details such as login credentials, as well as initiating destructive attacks on industrial networks.

The VPNFilter malware seemed to be targeting Ukraine with another cyber-attack. The country has suffered previous malware outbreaks, which in turn have spread worldwide, including the June 2017 “NotPetya” attack that UK and US officials said was the most destructive cyber-incident to date.

But now according to the BBC, the FBI seized a website that was helping communicate with home routers infected with malware that would carry out the digital bombardment.

The FBI is now trying to clean up infected machines, after it was granted a court order earlier this week.

This court ruling ordered website registrar Verisign to hand over control of the ToKnowAll.com domain to the FBI.

It seems that infected routers and storage devices regularly contacted that domain in order to update the malware with which they were infected.

But by seizing control of the domain, the FBI is able to log the location of infected machines and co-ordinate efforts to clean them up.
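The sinkhole works because every infected device reveals itself by looking up the seized domain. A network defender can apply the same idea locally by checking resolver logs for lookups of that name. The script below is an added example and is not code from the article, the FBI or Cisco Talos; the dnsmasq-style log lines are constructed for illustration, and the only real identifier it uses is the ToKnowAll.com domain named in the article. Any client that appears in the result is a candidate for the factory reset and firmware update the article describes.

```python
"""Flag DNS queries for the seized VPNFilter update domain in resolver logs.

Added example, not from the article or from Cisco Talos / the FBI. The log
layout below is a constructed, dnsmasq-style format assumed for illustration.
"""
import re
from collections import defaultdict

# Domain named in the article; infected devices polled it for updates.
SEIZED_DOMAINS = {"toknowall.com"}

# Constructed sample lines (not real logs): "<ts> query[<type>] <name> from <client>"
SAMPLE_LOG = """\
May 23 10:01:02 dnsmasq[123]: query[A] www.example.org from 192.168.1.10
May 23 10:01:05 dnsmasq[123]: query[A] toknowall.com from 192.168.1.1
May 23 10:02:17 dnsmasq[123]: query[A] ToKnowAll.com from 192.168.1.1
May 23 10:03:44 dnsmasq[123]: query[AAAA] update.toknowall.com from 192.168.1.20
May 23 10:04:00 dnsmasq[123]: query[A] nottoknowall.com from 192.168.1.30
"""

# Assumed log grammar: "query[<qtype>] <name> from <client>"
LINE_RE = re.compile(
    r"query\[(?P<qtype>\w+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)


def is_seized(name):
    """True if name equals, or is a subdomain of, a seized domain.

    Comparison is case-insensitive and ignores a trailing dot, and a plain
    suffix match is avoided so that e.g. 'nottoknowall.com' is not flagged.
    """
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in SEIZED_DOMAINS)


def find_infected_clients(log_text):
    """Return {client_ip: [queried names]} for clients that looked up a seized domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and is_seized(m.group("name")):
            hits[m.group("client")].append(m.group("name"))
    return dict(hits)


if __name__ == "__main__":
    for client, names in find_infected_clients(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} lookup(s) -> {sorted(set(names))}")
```

Run it against a real resolver log instead of `SAMPLE_LOG` and the output is the list of internal addresses that need to be traced to a physical router or NAS; a reboot clears nothing, so each flagged device is reset to factory settings and re-flashed with current firmware.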

Russian denial

The state-sponsored group known as Sofacy/Fancy Bear has been identified as both developing the malware and preparing the attack.

“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes,” John Demers, assistant attorney general for National Security, is quoted as saying in a statement.

Russia has denied an allegation by Ukraine that Russia was planning a cyber-attack on the country. Russia has also this week denied an international investigation that concluded that a Russian military missile had shot down flight MH17 over eastern Ukraine in 2014, killing all 298 people aboard.

Cisco meanwhile has warned that the malware includes a “kill” switch, which could render devices unusable if it were used.

A reboot of infected devices is not enough.

To clear the infection, users have to restore the devices to their initial factory settings. Users are also being urged to update the firmware on their routers.

In March this year a leading American General slammed the ability of the United States to effectively combat Russia’s cyber threats.

Army General Curtis Scaparrotti, who is also NATO’s Supreme Allied Commander in Europe, told a US Senate Armed Services Committee hearing that the US government did not have an effective unified approach to deal with Russia’s cyber threat.


Tom Jowitt
