News Targeted


Category: IT|Jun 8, 2018 | Author: Admin

Botnet That Previously Hacked Over 500,000 Routers Has Come Back Stronger

Share on

According to Telemetry data gathered this week, the VPN filter botnet is trying to make a comeback said security researchers. JASK and HreyNoise Intelligence revealed this matter on Friday which showed the same threat actor was built into the second iteration of the VPN filter which is attempting to compromise new routers and build a new VPNFilter.

According to Telemetry data gathered this week, the VPN filter botnet is trying to make a comeback said security researchers. JASK and HreyNoise Intelligence revealed this matter on Friday which showed the same threat actor was built into the second iteration of the VPN filter which is attempting to compromise new routers and build a new VPNFilter.

Most of the scans have looked for Mikrotik routers with port 2000 exposed to the network which are in Ukrainian locations. Furthermore, the old VPNFilter also consisted of C&C server which is dedicated to managing Ukrainian devices which are entirely separate from the initial botnet.

The public disclosure revealed that the group behind the updated version is APT28 which is a Russian cyber-espionage unit and was currently preparing to attack Ukraine’s IT infrastructure. The researchers of Cisco Talos revealed that this botnet’s existence and also notified the FBI which helped them take over the domain which is currently managed to use the VPN filter command and control infrastructure. This didn’t stop the group from starting a new attack and finding new devices to compromise on the network. The malware is considered as one of the most advanced pieces of IoT malware which compromises the system in a three-stage attack.

The first stage consists of a payload that can achieve boot persistence on devices which can also survive the reboot from routers. The second stage follows by the injection of a Remote Access Token (RAT) and for the third stage, the hackers use this RAT software to add malicious functionality to the router.

A report from Estonian Foreign Intelligence Service claimed that APT28 is a unit of Russian Military Main Intelligence Directorate (GRU) which is behind many cyber attacks on the past such as NotPetya ransomware and BlackEnergy attacks. The Ukrainian officials need to strong to survive the attack from the malware again as it has risen from the ashes.

Take your time to comment on this article.

Sponsored Ads:

Comments:

Previous article >


Struggling with VPN

Category: Microsoft|May 3, 2024 | Author: Admin

This is how Huawei tricked its way into the US

Category: IT|May 2, 2024 | Author: Admin

Edge 125 arrives in Beta with sleeping tab improvements and other changes

Category: IT|May 1, 2024 | Author: Admin

Now the iPad opens

Category: Apple|Apr 30, 2024 | Author: Admin

Woke up locked out of Apple ID on iPhone

Category: Apple|Apr 29, 2024 | Author: Admin

Google has a hidden collection of highly-addictive retro games

Category: Google|Apr 28, 2024 | Author: Admin

Google is officially a $2 trillion company

Category: Google|Apr 27, 2024 | Author: Admin

Snowden: “DO NOT use Reddit!”

Category: IT|Apr 26, 2024 | Author: Admin

Popular Google app used by millions set to close in a few weeks

Category: Google|Apr 25, 2024 | Author: Admin

Cheeky, YouTube!

Category: Google|Apr 24, 2024 | Author: Admin

This is the date Apple will reveal new iPads

Category: Apple|Apr 23, 2024 | Author: Admin

Only possible with VPN

Category: IT|Apr 22, 2024 | Author: Admin

Apple sidles into sideloading in the EU

Category: Apple|Apr 21, 2024 | Author: Admin

Report: Microsoft-OpenAI ownership might get conditional OK from EU regulators

Category: IT|Apr 20, 2024 | Author: Admin

Giant change at Google could change everything

Category: Google|Apr 19, 2024 | Author: Admin
more