The VPNFilter malware has affected more than half a million devices and network-attached storage (NAS) devices across 54 nations over the past few months. Cisco has published new research on the malware in a technical paper. The malware was initially thought to affect devices from MikroTik, Netgear, TP-Link and QNAP; devices made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL and ZTE are also affected.
The number of affected devices has jumped sharply since Cisco's original report, going from 16 devices to 71 models of routers. The researchers have also found VPNFilter capabilities that are packaged as third-stage plugins in its deployment system:
ssler - plugin for intercepting and modifying web traffic on port 80 via man-in-the-middle attacks. The plugin also supports downgrading HTTPS to HTTP.
dstr - plugin for overwriting device firmware files. Cisco knew VPNFilter could wipe device firmware, but its recent report pinpoints this function to this specific third-stage plugin.
ps - plugin that can sniff network packets and detect certain types of network traffic. Cisco believes this plugin was used to look for Modbus TCP/IP packets, often used by industrial software and SCADA equipment, but its most recent report says the plugin also looks for industrial equipment that connects over TP-Link R600 virtual private networks.
tor - plugin used by VPNFilter bots to communicate with a command and control server via the Tor network.
Technical documentation of the malware was released in Cisco's first report; Cisco has also published details about the ssler, dstr, and ps third-stage plugins. The botnet was found to have infected all the devices in Ukraine's IT infrastructure. Many experts think the cyber attack was meant for the UEFA Champions League soccer final, which is going to be held in Kiev, Ukraine at the end of this month. The FBI has also investigated the issue, trying to kill the botnet by taking over the command and control of the routers in the network.
Source: BleepingComputer
Posted from my blog with SteemPress : https://latesthackingnews.com/2018/06/07/asus-d-link-huawei-ubiquiti-upvel-and-zte-routers-also-affected-by-the-vpnfilter/