Destructive and MiTM Capabilities of VPNFilter Malware Revealed

GlobalDots
1 Min read

Security researchers from Cisco’s Talos cyber intelligence have today uncovered more details about VPNFilter malware, an advanced piece of IoT botnet malware that infected more than 500,000 routers in at least 54 countries, allowing attackers to spy on users, as well as conduct destructive cyber operations.

Initially, it was believed that the malware targets routers and network-attached storage from Linksys, MikroTik, NETGEAR, and TP-Link, but a more in-depth analysis conducted by researchers reveals that the VPNFilter also hacks devices manufactured by ASUS, D-Link, Huawei, Ubiquiti, QNAP, UPVEL, and ZTE.

To hijack devices manufactured by above listed affected vendors, the malware simply relies on publicly-known vulnerabilities or use default credentials, instead of exploiting zero-day vulnerabilities.

Besides this, the researchers primarily shared technical details on a new stage 3 module, named “ssler,” which is an advanced network packet sniffer that, if installed, allows hackers to intercept network traffic passing through an infected router and deliver malicious payloads using man-in-the-middle attacks.

This 3rd-stage module also makes the malware capable of maintaining a persistent presence on an infected device, even after a reboot.

Image Source

Read more: The Hacker News

Latest Articles

Navigating The Stormy Seas of Cloud Storage: Slash Cloud Storage Costs by 70% with GlobalDots’ Curated Autoscaler

Imagine navigating your digital ship through the turbulent seas of cloud storage management. One wrong calculation, and you’re either sinking under the weight of overprovisioning or losing speed due to performance hiccups. But what if there was a compass that could make this voyage smooth sailing? GlobalDots presents you with an Autoscaler that’s revolutionizing the […]

GlobalDots
28.09.23
Clarity in the Clouds: Innovative Solutions for Aviation

In the competitive world of aviation, where alliances are often forged with rivals, and competitors share skies as partners – GlobalDots is your co-pilot in navigating clouds of looming threats. Now, we are introducing our new e-book, which explores our curated innovative solutions for Aviation, including: Nowadays, where buying a ticket is just the beginning […]

Dr. Eduardo Rocha Senior Solutions Engineer & Security Analyst @ GlobalDots
21.09.23
FinOps vs DevOps: Key Differences and What Each Role Requires

Before widespread cloud adoption, the cloud’s major selling point was a reduction in computing costs. Today, however, many organizations find themselves mired in increasingly costly and complex cloud environments, even forcing industry leaders such as Nvidia back toward on-prem setups. The priorities upheld by DevOps throughout the last decade have played a major role in […]

GlobalDots
19.09.23

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

Unlock Your Cloud Potential