US disrupts botnet of 500,000 hacked routers, suspected of links to Russian intelligence
The ‘Sofacy’ hacking group has targeted power grids, the Organisation for Security and cooperation in Europe, the World Anti-Doping Agency, and other bodies
The US Justice Department said Wednesday that it had seized an internet domain that directed a dangerous botnet of a half-million infected home and office network routers, controlled by hackers believed tied to Russian intelligence.
The move was aimed at breaking up an operation deeply embedded in small and medium-sized computer networks that could allow the hackers to take control of computers as well as easily steal data.
The Justice Department said the “VPNFilter” botnet was set up by a hacking group variously called APT28, Pawn Storm, Sandworm, Fancy Bear and the Sofacy Group.
The group is blamed for cyberattacks on numerous governments, key infrastructure industries like power grids, the Organisation for Security and cooperation in Europe, the World Anti-Doping Agency, and other bodies.
The [Sofacy Group] is known to typically target government, military, security organisations, and other targets of intelligence value
US intelligence agencies also say it was involved in the operation to hack and release damaging information on the Democratic Party during the 2016 US presidential election, and has engineered a number of computer network disruptions in Ukraine.
“According to cybersecurity researchers, the Sofacy Group is a cyber-espionage group believed to have originated from Russia,” the Department of Justice said in a court filing.