Threat Intelligence Report: VPNFilter Malware

Threat intelligence is an elusive concept. Cyber-security vendors have developed numerous definitions for it based upon different procedural viewpoints. This report therefore sets out the key concepts and principles of threat intelligence, explaining the role it plays within cyber-security and network defence while offering advice and best practice. This will equip the reader with a basic understanding of the benefits of threat intelligence and the importance of investing effort and resources into responding to it.

A definition of Threat Intelligence:
[It is] evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.

Name of Exploit
VPNFilter

Type of Exploit
Malware, Command and Control, Hardware Hijacking, Credential Stealer

How Exploit is Spread
Infected devices scan the internet looking for other devices running older and unpatched firmware. These then use a range of public exploits or default credentials to access the device and implant the malware on the victim’s router.

Global Risk
High – This malware particularly targets devices in Ukraine and Russia, but it has been reported that more than 500,000 devices in over 54 countries have been infected. As a multi-platform, multi-phase exploit, the malware has a diverse range of capabilities, including credential stealing, traffic injection and rendering the device unusable.
