For several months, Talos has been working with public- and
private-sector threat intelligence partners and law enforcement in
researching an advanced, likely state-sponsored or state-affiliated
actor's widespread use of a sophisticated modular malware system we call
"VPNFilter." We have not completed our research, but recent events have
convinced us that the correct way forward is to now share our findings
so that affected parties can take the appropriate action to defend
themselves. In particular, the code of this malware overlaps with
versions of the BlackEnergy malware — which was responsible for multiple
large-scale attacks that targeted devices in Ukraine. While this isn't
definitive by any means, we have also observed VPNFilter, a potentially
destructive malware, actively infecting Ukrainian hosts at an alarming
rate, utilizing a command and control (C2) infrastructure dedicated to
that country. Weighing these factors together, we felt it was best to
publish our findings so far prior to completing our research. Publishing
early means that we don't yet have all the answers — we may not even
have all the questions — so this blog represents our findings as of
today, and we will update our findings as we continue our investigation.
Find out more at the Talos blog here.