VPNFilter, 3 years later

Guest post from the ICS cyber security blog:
VPNFilter, 3 years later
Later life of a botnet affecting ICS systems

During 2018, I have written several times about the VPNFilter malware, which (among many other incidents) was responsible for an attack on the ICS systems of a Ukrainian water utility company.

Two and a half (more like three) years after the first blog post, new information about VPNFilter has been published, and it seems that there are still devices on the Internet where the infection has not yet been eradicated.

A number of measures have been taken in recent years (e.g. In addition, TrendMicro’s analysis shows that even when building IoT botnets, some attackers tend to remove malware and backdoors installed by rivals from devices already compromised by others, in order to use the device as a member of their own botnet, which has also reduced the number of IoT devices infected with VPNFilter.

Further details, technical information and advice on VPNFilter survival can be found in the TrendMicro article linked above.


The original guest post was published on the ICS cyber security blog.

Translated by DeepL.