Russian Router Exploits


It seems as if Russia is highly interested in the information we post on our blog. They are also seemingly interested in attacking your routers.

After recent VPNFilter attacks, we have now witnessed Russia joining in on the action. As of 1:38AM EST, we have observed several sites see activity from 185.94.111[.]1 which was have not seen before. It seems as though Russia is working on automating their attacks. We have sinkholed the activity on our customers and thought we might want to warn the public. It should be noted that our customers are not vulnerable to VPNFilter but these exploits are similar to what we have observed at sites not under management by Jigsaw Security.

Customers using FirstWatch sensors are also safe from VPNFilter and attacks using similar methods to exploit routers. We can fully expect to be observing scanning for exposed Telnet servers. In fact 80% of the activity we are currently seeing on our sensors is believed to be directly related to VPNFilter scans and attacks.

We know Russia is very interested in our reporting because everytime we post a new update within 5 to 10 minutes we see Russian activity on our site.

What is VPNFilter?

VPNFilter is malware designed to infect routers. ... It can steal data, contains a "kill switch" designed to destroy the infected router on command, and is able to persist should the user reboot the router.

IOCS

185.94.111[.]1

Additional Information VPNFilter:

Read Symantec's take on VPNFilter

Read Cisco's take on VPNFilter

#IPS #FirstWatch

49 views

Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2020 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business