The FBI has seized a domain linked to what is believed to be a Russian botnet composed of around 500,000 infected routers around the world. According to the Department of Justice, the botnet is under the control of the Russian hacking group known as "Fancy Bear" or "Sofacy." Sofacy uses malware called "VPNFilter" to exploit vulnerabilities in routers manufactured by Linksys, MikroTik, NETGEAR and TP-Link, and in QNAP network-attached storage devices.
On Wednesday, security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries, including the United States.
The FBI has been investigating the botnet since at least August, according to court records, when agents in Pittsburgh interviewed a local resident whose home router had been infected with the Russian malware. “She voluntarily relinquished her router to the agents,” wrote FBI agent Michael McKeown, in an affidavit filed in federal court. “In addition, the victim allowed the FBI to utilize a network tap on her home network that allowed the FBI to observe the network traffic leaving the home router.”