Russian Router Exploits


It seems as if Russia is highly interested in the information we post on our blog. They are also seemingly interested in attacking your routers.

After the recent VPNFilter attacks, we have now witnessed Russia joining in on the action. As of 1:38 AM EST, we have observed several sites see activity from 185.94.111[.]1, which we have not seen before. It seems as though Russia is working on automating their attacks. We have sinkholed the activity for our customers and thought we might want to warn the public. It should be noted that our customers are not vulnerable to VPNFilter, but these exploits are similar to what we have observed at sites not under management by Jigsaw Security.

Customers using FirstWatch sensors are also safe from VPNFilter and from attacks that use similar methods to exploit routers. We fully expect to observe scanning for exposed Telnet servers. In fact, 80% of the activity we are currently seeing on our sensors is believed to be directly related to VPNFilter scans and attacks.

We know Russia is very interested in our reporting because every time we post a new update, we see Russian activity on our site within 5 to 10 minutes.

What is VPNFilter?

VPNFilter is malware designed to infect routers. ... It can steal data, contains a "kill switch" designed to destroy the infected router on command, and is able to persist should the user reboot the router.

IOCS

185.94.111[.]1

Additional Information on VPNFilter:

Read Symantec's take on VPNFilter

Read Cisco's take on VPNFilter

#IPS #FirstWatch


© 2017-2018 Jigsaw Security Enterprise Inc.
