The VPNFilter malware targeted devices worldwide from Linksys, MikroTik, Netgear and TP-Link.
More than half a million routers and network devices in 54 countries have been infected with sophisticated malware, researchers from Cisco’s Talos Intelligence Group warn.
The malware, which the security researchers are calling VPNFilter, contains a killswitch for routers, can steal logins and passwords, and can monitor industrial control systems.
An attack would have the potential to cut off internet access for all the devices, William Largent, a researcher with Talos, said Wednesday in a blog post.
Late Wednesday, the FBI received court permission to seize an internet domain that the Justice Department says a Russian hacking group, known as the Sofacy Group, was using to control infected devices. The group, which also goes by the names Apt28 and Fancy Bear, has targeted government, military and security organizations since at least 2007.