nanog mailing list archives
VPN Filter: botnet of routers
From: "Scott Weeks" <surfer () mauigateway com>
Date: Wed, 23 May 2018 19:04:05 -0700
Kaboom!

https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet

"FBI agents armed with a court order have seized control of a key server in the Kremlin’s global botnet of 500,000 hacked routers..."

"The FBI counter-operation goes after “VPN Filter,” a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election."

https://blog.talosintelligence.com/2018/05/VPNFilter.html

"The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues. The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allow for theft of website credentials and monitoring of Modbus SCADA protocols."

scott