Monday, May 28, 2018

Cyberattacks - Reboot home routers - Attacks from foreign adversary - June 7, 2018

Update - June 7, 2018

The earlier recommendation to reboot routers may not entirely solve the problem.

From IC3/FBI:
May 25, 2018

The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide.  The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.

Reference: 
IC3/FBI. (May 25, 2018). Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide. Public Service Announcement. Retrieved from https://www.ic3.gov/media/2018/180525.aspx

=-=-=-=-=-=

From Cisco via Talos:

The code of this malware overlaps with versions of the BlackEnergy malware — which was responsible for multiple large-scale attacks that targeted devices in Ukraine.  While this isn’t definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control (C2) infrastructure dedicated to that country. 

Reference: 
Cisco Blogs. (May 23, 2018). New VPNFilter malware targets at least 500K networking devices worldwide. Threat Research. Talos Group. Retrieved from https://blogs.cisco.com/security/talos/vpnfilter

=-=-=-=-=-=

From US-CERT:

NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices.  Devices compromised by VPNFilter may be vulnerable to the collection of network traffic (including website credentials), as well as the monitoring of Modbus supervisory control and data acquisition (SCADA) protocols.

Reference:

US-CERT. (May 23, 2018). VPNFilter Destructive Malware. Retrieved from https://www.us-cert.gov/ncas/current-activity/2018/05/23/VPNFilter-Destructive-Malware

=-=-=-=-=-=

From CNET:
June 2, 2018

"I'm concerned that the FBI gave people a false sense of security," Talos senior technology leader Craig Williams said in an interview with Ars Technica. "VPNFilter is still operational.  It infects even more devices than we initially thought, and its capabilities are far in excess of what we initially thought.  People need to get it off their network."


Reference:

Zhou, M. (June 6, 2018). That router botnet the FBI asked us to help kill? Yep, it's still alive. A report details new capabilities and devices targeted by the VPNFilter malware. Retrieved from https://www.cnet.com/news/that-vpnfilter-router-attack-the-fbi-wanted-us-to-kill-yep-its-still-alive/

=-=-=-=-=-=
