VPNFilter

VPNFilter is malware designed to infect routers and certain network attached storage devices. As of 24 May 2018, it is estimated to have infected approximately 500,000 routers worldwide, though the number of at-risk devices is larger.^[1] It can steal data, contains a "kill switch" designed to disable the infected router on command, and is able to persist should the user reboot the router.^[2] The FBI believes that it was created by the Russian Fancy Bear group.^[3]^[4] In February 2022, the CISA announced that a new malware called Cyclops Blink produced by Sandworm had replaced VPNFilter.^[5]

^ "VPNFilter Update and Our First Summit Recap". Cisco Talos Intelligence. 2018-06-21. Retrieved 2018-06-26.
^ "VPNFilter state-affiliated malware pose lethal threat to routers". SlashGear. 2018-05-24. Retrieved 2018-05-31.
^ Cite error: The named reference beast was invoked but never defined (see the help page).
^ Cite error: The named reference zdnet was invoked but never defined (see the help page).
^ "New Sandworm Malware Cyclops Blink Replaces VPNFilter | CISA". www.cisa.gov. Retrieved 2022-06-27.

[Talos-update-1] "VPNFilter Update and Our First Summit Recap". Cisco Talos Intelligence. 2018-06-21. Retrieved 2018-06-26.

[:1-2] "VPNFilter state-affiliated malware pose lethal threat to routers". SlashGear. 2018-05-24. Retrieved 2018-05-31.

[beast-3] Cite error: The named reference beast was invoked but never defined (see the help page).

[zdnet-4] Cite error: The named reference zdnet was invoked but never defined (see the help page).

[5] "New Sandworm Malware Cyclops Blink Replaces VPNFilter | CISA". www.cisa.gov. Retrieved 2022-06-27.

[1]

[2]

[3]

[4]

[5]