By FortiGuard SE Team | September 26, 2018

Cisco Talos, in coordination with the Cyber Threat Alliance (CTA), has just posted another update on the VPNFilter malware, a multistage attack that was first discovered by Talos researchers on May 23rd, when it was documented attacking various small office/home office (SOHO) routers and Network Attached Storage (NAS) devices. Because of our participation in CTA, FortiGuard Labs was able to provide an update to Fortinet customers that same day. What makes VPNFilter particularly dangerous is that it can not only exfiltrate data but also render devices completely inoperable. VPNFilter primarily targets Linux-based IoT devices, including SOHO routers and NAS devices, with a high concentration of attacks occurring in Ukraine.
An update to the VPNFilter research posted in June provided an updated list of targeted device manufacturers and described new modules for exploitation (ssler), packet sniffing (ps), and device destruction (dstr). FortiGuard Labs provided a threat update on this research here. The most recent update, also posted by Talos through the Cyber Threat Alliance, identifies additional updates to the VPNFilter malware that have not been seen previously.