Cisco routers in at least 4 countries infected by highly stealthy backdoor


Researchers have uncovered active and highly clandestine attacks that have infected more than a dozen Cisco routers with a backdoor that can be used to gain a permanent foothold inside a targeted network. The SYNful Knock malware has been found on 14 routers in four countries, including Ukraine, the Philippines, Mexico, and India, and is likely being used to infect other parts of the targeted networks, researchers from security firm FireEye wrote in a report. The malicious router implants are loaded each time the device is powered on and support up to 100 modules, which can be tailored to individual targets. Cisco Systems officials have confirmed the findings and published intrusion detection signatures that customers can use to block attacks in progress.

"The impact of finding this implant on your network is severe and most likely indicates the presence of other footholds or compromised systems," FireEye researchers wrote. "This backdoor provides ample capability for the attacker to propagate and compromise other hosts and critical data using this as a very stealthy beachhead." The FireEye report gave no details about the organizations that the 14 infected routers belonged to, or about whether the people behind the attacks are working for a state-sponsored spy agency or a criminal organization motivated by financial gain.

