SafeBreach Labs has updated the Hacker's Playbook™ with simulations for the new attacks described in US-CERT Alert (TA18-145A), a campaign estimated to have infected hundreds of thousands of home and office routers and networked devices worldwide.

This campaign relies on the VPNFilter malware. Once installed, this malware is known to collect intelligence, exploit LAN devices, and block network traffic. The malware also has destructive capabilities and can render affected devices inoperable. As always, SafeBreach Labs will continue to monitor the situation and develop new simulations as necessary.

SafeBreach recommends all industries and businesses simulate this attack to identify whether or not they are protected against this campaign. To assess security control effectiveness against techniques involved in this attack, the SafeBreach Breach and Attack Simulation Platform specifically tests the following endpoint and network security controls:

Newly added playbook methods related to TA18-145A

Playbook #1563 - Transfer of VPNFilter over HTTP/S

  • Network Controls - Are security controls in place to prevent the download and transfer of the malware used in this attack?

Additional breach methods added recently include:
