Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Attackers install highly persistent malware implants on Cisco routers

Attackers install highly persistent malware implants on Cisco routers


Security researchers have detected a real-world attack that has installed rogue firmware on business routers in four countries. The router implant, dubbed SYNful Knock, provides attackers with highly privileged backdoor access to the affected devices and persists even across reboots. This is different than the typical malware found on consumer routers, which gets wiped from memory when the device is restarted. SYNful Knock is a modification of the IOS operating system that runs on professional routers and switches made by Cisco Systems. So far it was found on Cisco 1841, 8211 and 3825 “integrated services routers,” which are typically used by businesses in their branch offices or by providers of managed network services.
 
Source:
Computer World
 
Ars Technica
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis