(February 1, 2024)

The US Justice Department said Wednesday that the FBI surreptitiously sent commands to hundreds of infected small office and home office routers to remove malware China state-sponsored hackers were using to wage attacks on critical infrastructure.
(…)
The takedown disclosed Wednesday isn’t the first time the FBI has issued commands to infected devices without the owners’ knowledge ahead of time. In 2021, authorities executed [justice.gov] a similar action to disinfect Microsoft Exchange servers that had been compromised by a different China-state group tracked as Hafnium.
(…)
In 2018, researchers reported that more than 500,000 SOHO routers had been compromised [arstechnica.com] by sophisticated malware [arstechnica.com] dubbed VPNFilter. The mass hack was later revealed to be an operation by a Russian-state group tracked as Sofacy. In that event, the FBI issued an advisory urging people to restart their routers [arstechnica.com] to remove any possible infections. The agency also seized [arstechnica.com] a domain used to control VPNFilter.