The Fancy Bear group’s VPNFilter malware now comes packed with new features
- The malware now has seven new modules that significantly enhance its reach.
- The multi-stage, modular malware now comes with data filtering and multiple encrypted tunneling capabilities.
The VPNFilter malware has successfully infected hundreds of thousands of victims across the globe. The malware is believed to have been developed by the Kremlin-linked cyberespionage group APT28 - aka Fancy Bear, Sednit, Pawn Storm, and Sofacy.
The malware was recently upgraded by the hackers and now contains seven new modules designed to significantly enhance its reach. The multi-stage, modular malware now comes with data filtering and multiple encrypted tunneling capabilities. Yet another new feature boosts the malware’s ability to exploit and infect endpoint devices.
According to security researchers at Cisco Talos, who detected VPNFilter’s new modules, although the malware’s activities have been largely shuttered, it can still be found in the wild on unpatched devices.
“Another dangerous capability provided by VPNFilter is the ability to turn compromised devices into proxies that could be leveraged to obfuscate the source of future, unrelated attacks by making it appear as if the attacks originate from networks previously compromised by VPNFilter,” Cisco Talos researchers said in a blog.
VPNFilter’s new expanded capabilities
VPNFilter’s new modules allow the malware to map networks and exploit endpoint systems already connected to devices compromised by the malware. The new features also provide attackers with multiple ways to obfuscate and/or encrypt malicious traffic, as well as steal data.
VPNFilter now also contains multiple tools to pinpoint more victims and has greater ability to laterally move across the network. The malware can also develop a distributed network of proxies, which could later be used in other attacks.
“The sophistication of VPNFilter drives home the point that this is a framework that all individuals and organizations should be tracking. Only an advanced and organized defense can combat these kinds of threats, and at the scale that VPNFilter is at, we cannot afford to overlook these new discoveries,” Cisco Talos researchers said.