SYNful knock: Hacked Cisco routers equipped with infected firmware

Cyber criminals and hackers have infected numerous CISCO routers with an malicious firmware. The malicious firmware, allows the cybercriminals and hackers to use the infected CISCO routers for any criminal activity. The malicious firmware has been dubbed ‘SYNFul Knock‘ by the FireEye company.


It is not the first time that such an attack has been witnessed. CISCO published an statement about the ‘SYNFul Knock’ malware.

According to Cisco: In the past, attackers were primarily targeting infrastructure devices to create a denial of service (DoS) situation. While these types of attacks still represent the majority of attacks on network devices, attackers are now looking for ways to subvert the normal behavior of infrastructure devices due to the devices’ privileged position within the IT infrastructure.  In fact, by owning an infrastructure device such as a router, the attacker may gain a privileged position and be able to access data flows or crypto materials or perform additional attacks against the rest of the infrastructure.

The FireEye research claims that the following routers are affected by the malicious firmware attack ‘SYNful Knock’:

  • Cisco 1841 router
  • Cisco 2811 router
  • Cisco 3825 router


Share This Message