SYNful Knock: A Cisco Implant | FireEye

SYNful Knock: Malicious Program Analysis
of the Cisco Implant

Cyber attackers are becoming more sophisticated. They are not just looking for quick, easy access to a network; they are alert to opportunities for long-term gain. And they’re exploring new vectors to achieve that goal. Case in point: the latest compromise known as SYNful Knock. 

Security experts at Mandiant, a FireEye company, have confirmed at least 14 incidents worldwide of this malicious router compromise.

The highly sophisticated SYNful Knock is a stealth modification of a router’s firmware image that can have an ongoing impact on your business. It gives attackers an entry point to establish a foothold and compromise other hosts and critical data.

Download this white paper and get details on:

  • How SYNful Knock works 
  • How it impacts your network 
  • How to hunt for and remediate an attack
  • How this new discovery opens up concerns for the future


A New Threat Vector: Cisco Routers

Download the Report

SYNful Knock: A Cisco Implant

© 2018 FireEye, Inc. All rights reserved. Privacy Policy. FireEye on Facebook    FireEye on Twitter    FireEye on LinkedIn    FireEye Blog: Malware Intelligence Lab