The FBI has seized a key server of the hackers, used to build the Fancy Bear global botnet. It could give answers about the victims and about how to stop the Russian cyber warfare
The US reacts to the massive cyber attack by the Fancy Bear pro-Russian hackers (aka APT 28, STRONTIUM and others) with the VPNFilter malware. The FBI has seized a key server of the hackers, used to build a global botnet of over 500,000 hacked routers, as The Daily Beast has learned. The aim of the G-men is to build a comprehensive list of victims of the aggression and to short-circuit Moscow’s ability to reinfect its targets. So far, according to cyber security researchers at Cisco Talos and Symantec, the state-sponsored hackers have attacked devices in at least 54 countries since last August, when the FBI started the investigation. The malicious code, moreover, is highly selective. In Ukraine, for example, the malware is infecting hosts at an alarming rate, using a command and control (C2) infrastructure dedicated to that country.
The Talos cyber security experts: Both the scale and the capability of the Fancy Bear cyber attacks are concerning
Both the scale and the capability of the Fancy Bear cyber attacks are concerning for the Talos cyber security experts. The company estimates the number of infected devices to be at least 500,000 in at least 54 countries. “The behavior of this malware on networking equipment is particularly concerning, as components of VPNFilter allow for theft of website credentials and monitoring of Modbus SCADA protocols,” the company wrote on its blog. “Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.” So the malicious hackers can spread their cyber warfare quickly.
The pro-Russia hackers’ cyber campaign and the modular malware are highly destructive and expansive
The Talos conclusion on the cyber warfare operation and its TTPs is that “VPNFilter is an expansive, robust, highly capable, and dangerous threat that targets devices that are challenging to defend. Its highly modular framework allows for rapid changes to the actor’s operational infrastructure, serving their goals of misattribution, intelligence collection, and finding a platform to conduct attacks. The destructive capability particularly concerns us. This shows that the actor is willing to burn users’ devices to cover up their tracks, going much further than simply removing traces of the malware. If it suited their goals, this command could be executed on a broad scale, potentially rendering hundreds of thousands of devices unusable, disabling internet access for hundreds of thousands of victims worldwide or in a focused region where it suited the actor’s purposes.”