VPNFilter (b2ea039c-3cd4-54f4-a46f-9ee79fe6350b)
VPNFilter is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. VPNFilter modules such as its packet sniffer ('ps') can collect traffic that passes through an infected device, allowing the theft of website credentials and monitoring of Modbus SCADA protocols. [William Largent June 2018] [Carl Hurd March 2019] VPNFilter was assessed to be replaced by Sandworm Team with Cyclops Blink starting in 2019.[NCSC CISA Cyclops Blink Advisory February 2022]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Sandworm Team (16a65ee9-cd60-4f04-ba34-f2f45fcfc666) | Tidal Groups | VPNFilter (b2ea039c-3cd4-54f4-a46f-9ee79fe6350b) | Tidal Software | 1 |