"Hundreds of Networks Still Host Devices Infected With VPNFilter Malware"

According to researchers at Trend Micro, hundreds of networks still contain VPNFilter malware, leaving infected devices open to being controlled by malicious actors. VPNFilter was identified in 2018 and is believed to be operated by the Russian state-sponsored hacker group Sofacy. This malware has infected routers and network-attached storage (NAS) devices from ASUS, D-Link, MikroTik, Ubiquiti, Linksys, UPVEL, and more. VPNFilter has various modules that allow it to map networks, exploit endpoints connected to infected devices, exfiltrate data, encrypt command-and-control (C&C) server communications, create a network of proxies for future abuse, and find more victims. To determine whether the botnet remains a real threat, Trend Micro reached out to the Shadowserver Foundation, which worked with Cisco Talos, the FBI, and the US Department of Justice. They sinkholed the domain from which VPNFilter attempts to obtain the address of its C&C server. The analysis of data collected from the sinkhole reveals that more than 5,000 unique devices are still connecting to the domain, suggesting that the devices are still infected by VPNFilter. Trend Micro emphasizes that the number of infections not only represents individual machines but also thousands of infected networks. This article continues to discuss the history of VPNFilter malware, recent discoveries surrounding its continued impact, and how to address this problem. 

Security Week reports  "Hundreds of Networks Still Host Devices Infected With VPNFilter Malware"