The Federal Bureau of Investigation made an announcement on Friday that went a bit under the radar, but is huge: Russian hackers devised a sophisticated malware system that has infected hundreds of thousands of internet routers in the United States as part of its ongoing effort to undermine American democracy.
“Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide,” the agency wrote on a public service announcement released on Friday. “The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.”
The agency called the size and scope of the problem “significant.”
The FBI says that the Russian hacker group “Fancy Bear” is behind the new malware. Fancy Bear is reportedly directed by Russia’s military intelligence agency and is responsible for hacking into the Democratic National Committee ahead of the 2016 presidential election. An estimated 500,000 routers in at least 54 countries were infected with the malware. And devices from major router manufacturers including Linksys, MikroTik, Netgrear, and TP-Link were all affected.
The FBI has since seized a domain name associated with Fancy Bear, www.toknowall.com, which it says was a critical part of the malware’s “command-and-control infrastructure,” according to the New York Times.
“This court-ordered seizure will assist in the identification of victim devices and disrupts the ability of these hackers to steal personal and other sensitive information and carry out disruptive cyberattacks,” Scott W. Brady, United States attorney for the Western District of Pennsylvania, said in the statement to the Times.
Worried that you’re router’s been compromised? The FBI recommend several steps, including rebooting it, disabling remote management settings, and using a stronger password, especially when encryption is enabled.