DOJ Takes Action Against Sophisticated Botnet Linked to Russian DNC Hackers

Jones Day

On May 23, 2018, the U.S. Department of Justice ("DOJ") publicly announced that it had seized a domain used for command and control of a botnet built by malware dubbed "VPNFilter." DOJ attributed the malware to APT 28 (also tracked as Sofacy and Fancy Bear), the group that private cybersecurity firms believe was responsible for hacking into the Democratic National Committee ("DNC") during the 2016 election. Of particular concern is the code overlap researchers have found between VPNFilter and BlackEnergy, a malware campaign that ran from roughly 2011 to 2015, has likewise been attributed to Russian state-linked operators, and was used against industrial control systems in the United States and the Ukrainian power grid.

Cybersecurity researchers describe VPNFilter as a three-stage infection of network devices rather than of end-user computers. Stage 1 is a persistent loader that survives a reboot; it calls out over the internet to locate the command-and-control server and download the Stage 2 and Stage 3 components, which do not persist. Stage 2 is the main payload, which can collect files, execute commands, and, on instruction from the operators, overwrite part of the device's firmware so that it no longer functions. Stage 3 consists of plug-in modules that can capture website credentials passing through the infected device and monitor SCADA (supervisory control and data acquisition) traffic on industrial protocols such as Modbus. VPNFilter is believed to have infected at least 500,000 devices in 54 countries. Because the destructive command can be issued to the whole botnet at once, researchers warn that VPNFilter could disable large numbers of devices en masse, a further parallel to the destructive BlackEnergy campaign.

DOJ's seizure of the domain has not ended the threat, because already-infected devices remain infected. VPNFilter is known to target Linksys, MikroTik, NETGEAR, and TP-Link routers of the kind used in small and home offices, as well as QNAP network-attached storage ("NAS") devices. The full list of affected models is still not known, and because Stage 3 is modular, further capabilities and targets may emerge.

Companies should immediately reboot all small or home office routers and NAS devices (not only the models identified above). A reboot removes any Stage 2 or Stage 3 components, which do not persist, but it does not remove the persistent Stage 1 loader, which will attempt to reinfect the device; removing Stage 1 requires a factory reset followed by installation of the vendor's latest firmware and a change of any default administrative credentials. Companies should also follow threat intelligence for updates on affected devices, maintain good security patch management programs, and ensure their network devices are running current firmware.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jones Day | Attorney Advertising
