{"id":1328,"date":"2018-05-24T18:01:55","date_gmt":"2018-05-24T18:01:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/28982\/FBI-Seizes-Domain-Russia-Allegedly-Used-To-Infect-500-000-Routers.html"},"modified":"2018-05-24T18:01:55","modified_gmt":"2018-05-24T18:01:55","slug":"fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/","title":{"rendered":"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/05\/russian-flag-800x534.jpg\"\/><\/p>\n<aside id=\"social-left\"><a title=\"38 posters participating, including story author.\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2018\/05\/fbi-seizes-server-russia-allegedly-used-to-infect-500000-consumer-routers\/?comments=1\"><span class=\"comment-count-before\">reader comments<\/span> <span class=\"comment-count-number\">53<\/span><\/a><\/p>\n<div class=\"share-links\"><span>Share this story<\/span> <\/div>\n<\/aside>\n<p>The FBI has seized a key domain used to infect more than 500,000 home and small-office routers in a move that significantly frustrates a months-long attack that agents say was carried out by the Russian government, The Daily Beast <a href=\"https:\/\/amp.thedailybeast.com\/exclusive-fbi-seizes-control-of-russian-botnet\">reported late Wednesday<\/a>.<\/p>\n<aside class=\"pullbox sidebar story-sidebar right\">\n<\/aside>\n<p>The takedown stems from an investigation that started no later than last August and culminated in a court order issued Wednesday directing domain registrar Verisign to turn over control of ToKnowAll.com. An <a href=\"http:\/\/www.kingpin.cc\/wp-content\/uploads\/2018\/05\/pawd-2.18-mj-00665-1.pdf\">FBI affidavit<\/a> obtained by The Daily Beast said the hacking group behind the attacks is known as Sofacy. The group\u2014which is also known as Fancy Bear, <a href=\"https:\/\/arstechnica.com\/information-technology\/2015\/08\/fake-eff-site-serving-espionage-malware-was-likely-active-for-3-weeks\/\">Sednit<\/a>, and <a href=\"https:\/\/arstechnica.com\/information-technology\/2015\/02\/spyware-aimed-at-western-governments-journalists-hits-ios-devices\/\">Pawn Storm<\/a>\u2014is credited with a long list of attacks over the years, including the <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/06\/hackers-invade-dems-servers-steal-entire-trump-opposition-file\/\">2016 hack of the Democratic National Committee<\/a>.<\/p>\n<p>As <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/05\/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware\/\">Ars reported earlier Wednesday<\/a>, Cisco researchers said the malware that infected more than 500,000 routers in 54 countries was developed by an advanced nation and implied Russia was responsible, but the researchers didn\u2019t definitively name the country.<\/p>\n<p>VPNFilter, as the Cisco researchers dubbed the advanced malware, is one of the few Internet-of-things infections that can survive a reboot, but only the first stage has this capability. To compensate for the shortcoming, the attackers relied on the three separate mechanisms to independently ensure stages 2 and 3 could be installed on infected devices.<\/p>\n<p>The ToKnowAll.com domain seized Wednesday hosted a backup server for uploading a second stage of malware to already-infected routers in the event a primary method, which relied on Photobucket, failed. VPNFilter relied on a third method that used so-called \u201clisteners,\u201d which allow attackers to use specific trigger packets to manually send later stages.<\/p>\n<h2>Major coup<\/h2>\n<p>Taking control of a command-and-control server is known as sinkholing. It allows researchers or law enforcement officers to monitor the IP addresses of infected devices that connect and to prevent them from receiving malware or malicious instructions. The seizure of ToKnowAll.com is a major coup because it closes a secondary channel and may also provide previously unavailable information the FBI can use to begin the process of helping ISPs and end users disinfect the devices.<\/p>\n<p>Still, based on information provided by Cisco, the sinkholding doesn\u2019t automatically stop VPNFilter in its tracks. Assuming the attackers captured the IP addresses of devices infected with stage 1, the attackers may still be able to use the listener to regain control of the devices.<\/p>\n<p>In August, The Daily Beast reported, FBI agents in Pittsburgh, Pennsylvania, interviewed a local resident whose home router was infected with VPNFilter. The resident voluntarily let the agents analyze the device and attach a network tap that allowed the FBI to monitor traffic leaving the router. The agents used the tap to identify the way the malware worked.<\/p>\n<p>On Tuesday, the FBI asked federal Magistrate Judge Lisa Pupo Lenihan in Pittsburgh to turn over control of ToKnowAll.com to agents. Lenihan granted the request on Wednesday. It\u2019s not clear why it took nine months from the time the agents interviewed the router owner to their request of the domain seizure. Ars has much more about VPNFilter <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/05\/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware\/\">here<\/a>.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/28982\/FBI-Seizes-Domain-Russia-Allegedly-Used-To-Infect-500-000-Routers.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1329,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[745],"class_list":["post-1328","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwareusarussiabotnetcyberwarfbi"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-24T18:01:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"534\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers\",\"datePublished\":\"2018-05-24T18:01:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/\"},\"wordCount\":526,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg\",\"keywords\":[\"headline,malware,usa,russia,botnet,cyberwar,fbi\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/\",\"name\":\"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg\",\"datePublished\":\"2018-05-24T18:01:55+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,usa,russia,botnet,cyberwar,fbi\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwareusarussiabotnetcyberwarfbi\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/","og_locale":"en_US","og_type":"article","og_title":"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-24T18:01:55+00:00","og_image":[{"width":800,"height":534,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers","datePublished":"2018-05-24T18:01:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/"},"wordCount":526,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg","keywords":["headline,malware,usa,russia,botnet,cyberwar,fbi"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/","url":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/","name":"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg","datePublished":"2018-05-24T18:01:55+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/fbi-seizes-domain-russia-allegedly-used-to-infect-500000-routers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,usa,russia,botnet,cyberwar,fbi","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwareusarussiabotnetcyberwarfbi\/"},{"@type":"ListItem","position":3,"name":"FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=1328"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1328\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/1329"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=1328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=1328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=1328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}