Russian hackers are targeting Ukraine (again)

27 May, 2018, 06:24 | Author: Regina Silva
It's persistent, modular, and delivered in several stages. The domain seizure will redirect attempts by stage one of the malware to reinfect the device to an FBI-controlled server, which will capture the Internet Protocol (IP) address of infected devices, pursuant to legal process.

The malware also includes an auto-destruct feature that renders the malware and software on infected devices inoperable.

Researchers say that the VPNFilter-enabled botnet is capable of doing significant harm, including permanently disabling the hacked devices through a method known as "bricking", which could cause thousands of companies to immediately lose internet connection and therefore likely lose business.

The Stage Two VPNFilter malware module does not survive device reboots but relies on the Stage One module to re-download it when the user reboots (and inadvertently cleans) the device.

"Sniffers included with VPNFilter collect login credentials and possibly supervisory control and data acquisition traffic". Stage 2 covers file collection, command execution, data exfiltration, and device management.

The FBI and Department of Homeland Security said in December 2016 that the Sofacy Group was connected to Russian intelligence services and government officials.

From a global standpoint we saw this malware pretty much distributed evenly across the planet.

Coming back to the now infected routers, the affected devices are made by major vendors, including TP-Link, NETGEAR, Linksys, and MikroTik.

Still, based on information provided by Cisco, the sinkholing doesn't automatically stop VPNFilter in its tracks.

"VPNFilter is an expansive, robust, highly capable, and unsafe threat that targets devices that are challenging to defend".

Cisco said when it revealed VPNFilter that more than 500,000 devices in 54 countries, with a particular focus on Ukraine, had been compromised by the botnet.

The United States Justice Department shortly after announced seizing a domain used in the botnet campaign.

The VPNFilter malware responsible for the attack is particularly concerning as it contains code to steal website credentials and make the infected router unusable.

"While this isn't definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control infrastructure dedicated to that country", Talos wrote in a blog post on Wednesday. "Weighing these factors together, we felt it was best to publish our findings so far prior to completing our research".

The Cyber Threat Alliance, which Cisco is a member of, has briefed companies about the destructive malware, calling VPNFilter a "serious threat".

The U.S. government said late on Wednesday that it would seek to wrest hundreds of thousands of infected routers and storage devices from the control of hackers who security researchers warned were planning to use the "botnet" to attack Ukraine. This challenge is augmented by the fact that most of the affected devices have publicly known vulnerabilities which are not convenient for the average user to patch.

This malware strain is incredibly complex when compared to other IoT malware, and comes with support for boot persistence (the second IoT/router malware to do so), scanning for SCADA components, and a firmware wiper/destructive function to incapacitate affected devices.

Just to be safe, Talos is recommending that owners and administrators of home or small office routers reset the devices and restore to factory default in order to clear potential malware.

But despite not having boot persistence, the Stage Two module is also the most risky, as it contains a self-destruct function that overwrites a critical portion of the device's firmware, and reboots the device.
