Actions Target Russian Govt. Botnet, Hydra Dark Market

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.

Attack on Viasat modems possibly came from wiper malware deployed through supply chain

Researchers from SentinelOne say there are reasons to disagree with Viasat’s most recent statement about the Feb. 24 attack.

The post Attack on Viasat modems possibly came from wiper malware deployed through supply chain appeared first on CyberScoop.


Russian government hackers used office technology to try to breach privileged accounts

Early this spring, Russian government-linked hackers used three popular internet of things devices with weak security to access several Microsoft customers’ networks, then tried infiltrating more privileged accounts, researchers announced Monday. The company’s Threat Intelligence center said the STRONTIUM group, also known as APT 28 and Fancy Bear, leveraged weak security in an office printer, video decoders and voice over IP, or VOIP, phone to access wider systems. The attacks occurred as recently as April, Microsoft said, adding that hackers used insecure IoT devices as a means to attempt to break into valuable accounts where they would have found more sensitive data. Microsoft disclosed neither the affected devices, nor which of its customers were impacted. “While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives,” Microsoft researchers wrote in their […]

The post Russian government hackers used office technology to try to breach privileged accounts appeared first on CyberScoop.


Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.

Researchers are still using lessons from VPNFilter to track threats one year later

It’s been a year since private security researchers worked with the FBI to dismantle a 500,000-router-strong botnet that loomed over Ukraine. Now, lessons learned in that takedown of the “VPNFilter” botnet are still reverberating today in the cybersecurity community, informing defenders about other sets of malicious activity, said Martin Lee, a manager at Cisco Talos, the threat intelligence team that helped uncover the botnet. Lee pointed to the so-called Sea Turtle domain name system hijacking campaign, which Talos detailed last month. Like VPNFilter, the Sea Turtle activity was an example of a state-sponsored attacker abusing internet infrastructure at scale to steal credentials. Data gathered from the VPNFilter investigation, combined with the lesson that state-sponsored actors are willing to subvert core internet infrastructure, has driven home the fact that attackers can exploit critical devices at scale in a way that few people had fully appreciated. “Essentially, [the Sea Turtle perpetrator] is a threat actor trying to do […]

The post Researchers are still using lessons from VPNFilter to track threats one year later appeared first on CyberScoop.


Fancy Bear’s VPNfilter malware is back with 7 new modules

By Waqas
Cisco’s Talos researchers have identified that Russia’s VPNfilter is way more dangerous than it is believed to be. The malware, which prompted the FBI to urge people to reboot their internet routers, contains seven additional third-stage modul…

The VPNFILTER Trojan Has Been Updated With New Advanced Features

The VPNFILTER Trojan has been updated by the developers behind it with new modules that make it an even more dangerous threat. The detailed security analysis shows that in the hands of experienced hackers it can cause significant damage to…

VPNFilter Router Malware Adds 7 New Network Exploitation Modules

Security researchers have discovered even more dangerous capabilities in VPNFilter—the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier.


VPNFilter now has ‘even greater capabilities,’ research shows

VPNFilter, the malware framework that co-opted half a million routers into a botnet earlier this year, has “even greater capabilities” than previously documented, new research shows. Talos, Cisco’s threat intelligence unit, said it recently found seven more VPNFilter modules that “add significant functionality to the malware,” whose botnet loomed over Ukraine ahead of a key soccer match in late May as well as an important public holiday in that country. Among the newly discovered capabilities of VPNFilter are the ability to exploit endpoint devices via compromised network gear, plus “data filtering and multiple encrypted tunneling capabilities to mask command and control and data exfiltration traffic,” Talos researcher Edmund Brumaghin wrote in a blog post Wednesday. The VPNFilter-enabled botnet had the ability to “brick” or disable thousands of devices, so researchers and U.S. law enforcement urgently sought to raise awareness of and mitigate the threat. The same week that Talos exposed VPNFilter, […]

The post VPNFilter now has ‘even greater capabilities,’ research shows appeared first on CyberScoop.
