Earlier this year, a group of blackhat hackers known as Shadow Brokers suddenly popped up on the dark web. They were auctioning off “cyberweapons” they claimed to have stolen from the NSA. Here’s how the stolen NSA router malware is quickly becoming an international threat.
Stolen NSA Router Malware – The Full Story
As many conspiracy enthusiasts know, the NSA is thought to engage in certain blackhat activity via a group of elite hackers known as Equation Group. Shadow Brokers made their claim on Tumblr, Twitter, GitHub, and Pastebin. They also leaked just enough files for security researchers to confirm their claim. Finally, Kaspersky demonstrated what they called a “strong connection” between the leaked files and the Equation Group files they already had on hand. The cybersecurity company had previously exposed Equation Group’s cyber-espionage and was able to show the similarities between the leaked malware and the archived samples.
Now, it seems that hackers have managed to utilize these cyberweapons to hack into routers all over the world. This new router malware, called EternalSilence, has already infected around 1.7 million devices. Experts are already putting out a warning on this malware. It seems to use techniques similar to other stolen NSA malware used in massive global ransomware attacks. In other words, there is a fear that these infections may one day lead to terrifying real-life attacks.
Luckily, a US-based content delivery network and cloud service provider called Akamai put out a list of the router brands at risk of infection. Unfortunately, some of the most popular router brand names, like Asus and Netgear, are on it.
Stolen NSA Router Malware – How It Works
Here’s how the stolen NSA router malware is making its rounds:
First, the hacker will deploy a Universal Plug and Play (UPnP) exploit to turn your router into a personal proxy.
Then, the hacker will add a Silent Cookie to the Network Address Translation (NAT) table. The NAT table decides how traffic arriving at your router is forwarded to your devices.
The Silent Cookie will then open a port that will allow the hackers to access any device your NAT is hiding. Once this happens, the hackers can silently install anything they want on your devices, including the stolen router malware.
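A defensive check for the NAT entries described above, as an added example that is not part of the original article: it parses UPnP `GetGenericPortMappingEntry` responses from a router's port-mapping table and flags entries worth reviewing. The marker string, the sensitive-port set, the reason labels and the sample responses are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Assumptions of this example (tune for your own network):
MARKERS = ("silent cookie",)                 # the article's name for the injected entry
SENSITIVE_PORTS = {22, 23, 139, 445, 3389}   # services that should never be forwarded
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_mapping(soap_xml):
    """Pull the New* arguments out of one GetGenericPortMappingEntry response."""
    entry = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]      # strip any XML namespace
        if tag.startswith("New"):
            entry[tag] = (el.text or "").strip()
    return entry

def audit(entry):
    """Return the reasons a NAT entry needs review; an empty list means none found."""
    reasons = []
    if any(m in entry.get("NewPortMappingDescription", "").lower() for m in MARKERS):
        reasons.append("marker-description")
    try:
        client = ipaddress.ip_address(entry.get("NewInternalClient", ""))
        if not any(client in net for net in LAN):
            reasons.append("forwards-outside-lan")   # router is relaying as a proxy
    except ValueError:
        reasons.append("bad-internal-client")
    port = entry.get("NewInternalPort", "")
    if port.isdigit() and int(port) in SENSITIVE_PORTS:
        reasons.append("sensitive-port-exposed")
    return reasons

def response(ext, client, port, desc):
    """Build a constructed sample response (not captured from a real router)."""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f'<NewExternalPort>{ext}</NewExternalPort><NewProtocol>TCP</NewProtocol>'
            f'<NewInternalPort>{port}</NewInternalPort>'
            f'<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
            f'<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
            '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')

SAMPLES = [response(3074, "192.168.1.50", 3074, "game console"),
           response(47669, "192.168.1.23", 445, "Silent Cookie"),
           response(8080, "203.0.113.9", 80, "web")]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        e = parse_mapping(xml_text)
        print(e["NewExternalPort"], "->", e["NewInternalClient"], audit(e) or "ok")
```

Any flagged entry is a reason to apply the steps in the next section: factory reset, firmware update, and UPnP turned off.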
What to Do if You Are Susceptible to the Stolen NSA Router Malware
If you suspect that your router is infected with the malware or if your device is on the list of susceptible devices, there are a few things you can do to protect yourself:
- Change Your Vulnerable Router. If your router is on the list then it might be better for you to simply get a new router.
- Configure Your Vulnerable Router. If you can’t change your router, then restore it to factory settings, update the firmware to the latest version, and turn off UPnP.
- Use Anti-Malware Software. There are various programs that you can use to limit the extent to which your Internet-connected devices might be susceptible to malware. Take a look at our favorite anti-malware apps.
- Use a VPN. Your safest bet in securing your traffic and making sure that no one can access your connection is to use a Virtual Private Network. This is especially true if you think you’re using an unsecured router at work or out in public. We suggest using a credible and trusted VPN provider like ExpressVPN to secure your data, make sure that your connection is private, and mask your IP address. You can even install the VPN on your router to secure all of your devices.