Repelling the russian cyber attack

Fear the Danaans who bring you gifts

Olegh Bondarenko
War notes
May 11, 2023


On May 10, 2023, I unexpectedly ran into a problem with the cable Internet from my local Internet provider, Lanet. Although I consider myself a more or less advanced user, the urgency of restoring the connection forced me to book a specialist from the company. Later I solved the problem myself and therefore cancelled the order.

At the same time, I have to report the cause of my Internet outage, because it may be important from a security perspective.

Now, briefly, the course of events. The details may be important for identifying the causes and possible effects.

So, on that day, my Windows 11 OS offered me an update. After the update, I immediately lost Internet access. My attempts to connect to my ASUS RT-AC58U home router led to an unusual dialog box offering to establish a new network connection with my router, which had been working without failures for several years. In the course of this dialogue, the hostile word Yandex (the russian IT giant) flashed by. I am now unable to reconstruct this dialogue precisely from memory, but under such pressing circumstances I never agree to questionable proposals.

In the end, I succeeded in getting to the admin panel of my router, but after many attempts the connection to the Internet still failed. My appeals to and lengthy communication with the service provider (Lanet) were also unsuccessful.

After that, I booked a specialist from Lanet for the next available day to help me solve the problem at home.

Eventually, before leaving home on business, I decided to go through the admin panel of my router one last time and, surprise, this is what I found!

A screenshot of my home router admin panel

In my innocent Parental Controls tab, a new tab had appeared that I had not seen before: Yandex.DNS. At the time I detected this “service”, it was set to active: Use Yandex DNS: ON. After turning it off and restarting the router, the Internet was immediately restored!

Some conclusions

  1. I have no doubt that this “service” has the character of espionage and sabotage by our mad neighbour.
  2. I consider it necessary to convey this information both to a wide range of users and to the special cyber security services of Ukraine and other countries.
  3. I am not completely sure that I have finally neutralised this threat in my router, so I would be glad for advice on how to protect my router and get rid of this harmful stuff.
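One practical way to answer the third point, added here as an example and not code from the original post or from the router's vendor: a router whose DNS setting has been switched hands that resolver to every device on the LAN over DHCP, so after changing the setting it is worth checking from each client which resolver it actually received. The script below parses the resolver configuration the operating system reports (Linux /etc/resolv.conf or the output of Windows `ipconfig /all`), reports every server that is not on an allow-list of expected resolvers, and flags any that falls into a network you specifically want to be warned about. The Yandex.DNS public resolvers 77.88.8.8 and 77.88.8.1 are the service's published addresses; the sample command outputs and the allow-list (the router at 192.168.1.1) are constructed for this example.

```python
"""Audit which DNS resolvers a LAN client is actually using.

Added example, not code from the original post. A router whose DNS setting
has been switched hands that resolver to every LAN client over DHCP, so the
check is done from a client's point of view: parse the resolver configuration
the OS reports (Linux /etc/resolv.conf or Windows `ipconfig /all` output),
report every server not on an allow-list of expected resolvers, and flag any
that falls into a network you want to be warned about. 77.88.8.8 and
77.88.8.1 are the published Yandex.DNS resolvers; the sample outputs and the
allow-list below are constructed for this example.
"""
from __future__ import annotations

import ipaddress
import re

# Networks whose appearance as a resolver should be treated as a finding.
# Yandex.DNS announces its public resolvers (77.88.8.8, 77.88.8.1, ...) from 77.88.8.0/24.
FLAGGED_NETWORKS = {
    "Yandex.DNS": ipaddress.ip_network("77.88.8.0/24"),
}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_dns_servers(text: str) -> list[str]:
    """Return the DNS server addresses found in resolv.conf or `ipconfig /all` text.

    resolv.conf lists one `nameserver <ip>` per line; `ipconfig /all` prints the
    first server on the `DNS Servers . . . :` line and any further servers on
    indented continuation lines that contain only an address.
    """
    servers: list[str] = []
    lines = text.splitlines()
    for idx, line in enumerate(lines):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # resolv.conf comment
        if stripped.startswith("nameserver") or stripped.startswith("DNS Servers"):
            servers.extend(IPV4.findall(stripped))
            if stripped.startswith("DNS Servers"):
                for cont in lines[idx + 1:]:
                    if IPV4.fullmatch(cont.strip()):
                        servers.append(cont.strip())
                    else:
                        break
    # Deduplicate while keeping the order the OS reported.
    return list(dict.fromkeys(servers))


def classify(server: str, expected: set[str]) -> str:
    """Label one resolver address relative to the allow-list and flagged networks."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid address"
    for name, net in FLAGGED_NETWORKS.items():
        if addr in net:
            return f"FLAGGED ({name})"
    if server in expected:
        return "expected"
    if addr.is_private:
        return "unexpected (private address; check which LAN device answers here)"
    return "unexpected (public resolver not on the allow-list)"


def audit(text: str, expected: set[str]) -> dict[str, str]:
    """Map every resolver found in `text` to its classification."""
    return {s: classify(s, expected) for s in extract_dns_servers(text)}


# Constructed sample: what `ipconfig /all` might show on a Windows client after
# the router started handing out Yandex.DNS over DHCP.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 77.88.8.8
                                       77.88.8.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample: a Linux client pointed at the router plus one extra resolver.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 1.1.1.1
"""

# Constructed allow-list: the router itself is the only resolver we expect.
EXPECTED_RESOLVERS = {"192.168.1.1"}

if __name__ == "__main__":
    for label, sample in (("Windows client", SAMPLE_IPCONFIG),
                          ("Linux client", SAMPLE_RESOLV_CONF)):
        print(label)
        for server, verdict in audit(sample, EXPECTED_RESOLVERS).items():
            print(f"  {server:<16} {verdict}")
```

Run it against the real `ipconfig /all` output (or `cat /etc/resolv.conf`) on every device in the house after the router setting has been changed; if a client still reports the flagged resolver, its DHCP lease is stale and needs renewing (for example `ipconfig /renew` on Windows) before the change takes effect for it.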

UPD 14.05.2023

Because it was impossible to connect to the router’s admin panel via WiFi, the firmware could not be updated over WiFi. Therefore, I downloaded the latest firmware for my ASUS RT-AC58U router from the manufacturer’s website, connected to the router via an Ethernet cable and updated the firmware manually. As a result, the enemy implant disappeared and it became possible to connect via WiFi again. Finally, I changed the login, password and WPA encryption key of the router. So far everything is working; I will be watching…

Ukrainian version


Researcher, DSc, expert in Radiation Protection, Ecology, Air Quality Monitoring, Project Management, Data Science and other — orcid.org/0000-0001-8214-4654