Q: How does VPNFilter infect affected devices?
A: Most of the devices targeted are known to use default credentials and/or have known exploits, particularly for older versions. There is no indication at present that the exploit of zero-day vulnerabilities is involved in spreading the threat.

Q: What does VPNFilter do to an infected device?
A: VPNFilter is a multi-staged piece of malware. Stage 1 is installed first and is used to maintain a persistent presence on the infected device and will contact a command and control (C&C) server to download further modules.

Stage 2 contains the main payload and is capable of file collection, command execution, data exfiltration, and device management. It also has a destructive capability and can effectively “brick” the device if it receives a command from the attackers. It does this by overwriting a section of the device’s firmware and rebooting, rendering it unusable.

There are several known Stage 3 modules, which act as plugins for Stage 2. These include a packet sniffer for spying on traffic that is routed through the device, including theft of website credentials and monitoring of Modbus SCADA protocols.