Russian hackers are targeting Ukraine (again)

27 May, 2018, 06:24 | Author: Regina Silva

The malware is persistent, modular, and delivered in several stages. The domain seizure (described below) will redirect attempts by stage one of the malware to reinfect the device to an FBI-controlled server, which will capture the Internet Protocol (IP) address of infected devices, pursuant to legal process.

The malware also includes an auto-destruct feature that renders the malware and software on infected devices inoperable.

Researchers say that the VPNFilter-enabled botnet is capable of doing significant harm, including permanently disabling the hacked devices through a method known as "bricking", which could cause thousands of companies to immediately lose internet connection and therefore likely lose business.

The Stage Two VPNFilter malware module does not survive device reboots but relies on the Stage One module to re-download it when the user reboots (and thereby inadvertently cleans) the device.

"Sniffers included with VPNFilter collect login credentials and possibly supervisory control and data acquisition traffic". Stage 2 covers file collection, command execution, data exfiltration, and device management.

The FBI and Department of Homeland Security said in December 2016 that the Sofacy Group was connected to Russian intelligence services and government officials.

From a global standpoint we saw this malware pretty much distributed evenly across the planet.

Returning to the infected routers: the devices are made by major vendors, including TP-Link, NETGEAR, Linksys, and MikroTik.

Still, based on information provided by Cisco, the sinkholing doesn't automatically stop VPNFilter in its tracks.

"VPNFilter is an expansive, robust, highly capable, and unsafe threat that targets devices that are challenging to defend".

Cisco said when it revealed VPNFilter that more than 500,000 devices in 54 countries, with a particular focus on Ukraine, had been compromised by the botnet.

The United States Justice Department shortly after announced seizing a domain used in the botnet campaign.

The VPNFilter malware responsible for the attack is particularly concerning as it contains code to steal website credentials and make the infected router unusable.

"While this isn't definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control infrastructure dedicated to that country", Talos wrote in a blog post on Wednesday. "Weighing these factors together, we felt it was best to publish our findings so far prior to completing our research".

The Cyber Threat Alliance, which Cisco is a member of, has briefed companies about the destructive malware, calling VPNFilter a "serious threat".

The U.S. government said late on Wednesday that it would seek to wrest hundreds of thousands of infected routers and storage devices from the control of hackers who security researchers warned were planning to use the "botnet" to attack Ukraine. This challenge is augmented by the fact that most of the affected devices have publicly known vulnerabilities which are not convenient for the average user to patch.

This malware strain is incredibly complex when compared to other IoT malware, and comes with support for boot persistence (the second IoT/router malware to do so), scanning for SCADA components, and a firmware wiper/destructive function to incapacitate affected devices.

Just to be safe, Talos is recommending that owners and administrators of home or small office routers reset the devices and restore to factory default in order to clear potential malware.

Despite lacking boot persistence, the Stage Two module is also the most dangerous, as it contains a self-destruct function that overwrites a critical portion of the device's firmware and reboots the device.
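The two behaviours above (a persistent Stage One that beacons out again after every reboot, and a seized domain that now points at a sinkhole) give a defender a concrete pattern to look for in router egress logs. The following is an added example, not code from the article or from Cisco Talos: it parses constructed syslog-style lines (the format, device names and the sinkhole address are assumptions) and flags devices that contact a sinkhole address shortly after a boot event, which is the signature of Stage One trying to re-fetch Stage Two. Those devices need a factory reset, since a plain reboot only clears Stage Two.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed router syslog-style lines (not real VPNFilter telemetry).
# "boot" marks a device restart; "connect" records an outbound connection.
LOG_LINES = """\
2018-05-23T10:00:05 rtr-a boot
2018-05-23T10:00:41 rtr-a connect dst=198.51.100.7 port=443
2018-05-23T10:02:00 rtr-b connect dst=93.184.216.34 port=443
2018-05-23T11:30:00 rtr-a boot
2018-05-23T11:30:33 rtr-a connect dst=198.51.100.7 port=443
2018-05-23T12:00:00 rtr-c boot
2018-05-23T12:45:00 rtr-c connect dst=198.51.100.7 port=443
"""

# Placeholder: the article names no indicator, so a documentation-range
# address stands in for whatever the seized domain now resolves to.
SINKHOLE_IPS = {"198.51.100.7"}
WINDOW = timedelta(minutes=5)   # how soon after boot a Stage One beacon is expected

LINE_RE = re.compile(r"^(\S+) (\S+) (boot|connect)(?: dst=(\S+) port=(\d+))?$")

def parse(lines):
    """Turn log text into (timestamp, device, kind, dst) tuples; skip junk lines."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, dev, kind, dst, _port = m.groups()
        events.append((datetime.fromisoformat(ts), dev, kind, dst))
    return events

def reinfection_candidates(lines, sinkholes=SINKHOLE_IPS, window=WINDOW):
    """Return {device: count} of sinkhole contacts that follow a boot within `window`.
    A beacon right after every reboot matches the persistent Stage One behaviour;
    a late contact (rtr-c) or one with no preceding boot (rtr-b) is not counted."""
    last_boot = {}
    hits = defaultdict(int)
    for ts, dev, kind, dst in sorted(parse(lines), key=lambda e: e[0]):
        if kind == "boot":
            last_boot[dev] = ts
        elif dst in sinkholes and dev in last_boot and ts - last_boot[dev] <= window:
            hits[dev] += 1
    return dict(hits)

if __name__ == "__main__":
    for dev, n in reinfection_candidates(LOG_LINES).items():
        print(f"{dev}: {n} post-reboot sinkhole contact(s); factory reset, not just reboot")
```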
