Wednesday, May 23, 2018

VPNFilter malware targets 100,000s of networking devices worldwide

https://blog.talosintelligence.com/2018/05/VPNFilter.html

https://www.us-cert.gov/ncas/current-activity/2018/05/23/VPNFilter-Destructive-Malware

MikroTik, Linksys, Netgear, TP-Link and QNAP devices targeted.

Excerpt: For several months, Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching an advanced, likely state-sponsored or state-affiliated actor's widespread use of a sophisticated modular malware system we call "VPNFilter."

We have not completed our research, but recent events have convinced us that the correct way forward is to now share our findings so that affected parties can take the appropriate action to defend themselves. In particular, the code of this malware overlaps with versions of the BlackEnergy malware — which was responsible for multiple large-scale attacks that targeted devices in Ukraine.

While this isn't definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control (C2) infrastructure dedicated to that country.


