Tuesday, September 15, 2015

FireEye Calls Out SYNful Knock - A Cisco router implant

FireEye published a technical overview of SYNful Knock, a stealthy modification of a Cisco router's firmware image that can be used to maintain persistence within a victim's network. The backdoor has reportedly been confirmed in a number of router implants spread across four countries: Ukraine, the Philippines, Mexico, and India.

FireEye warned that this attack vector is potentially severe.