VPNFilter malware targets networking devices worldwide

Reference: CERT.be Advisory #2018-018
Version: 1.1
Affected systems: consumer-grade routers made by Asus,D-Link,Huawei,Linksys, MikroTik, Netgear, TP-Link,Ubiquiti,Upvel,ZTE and network-attached storage devices from QNAP. The device lists on the Talos and Symantec blog posts are incomplete, it is possible more device types will be added.
Type: IoT botnet

Sources

https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.bleepingcomputer.com/news/security/nation-state-group-hacked...

Risks

The malware is capable of file collection, command execution, data exfiltration, device management, theft of website credentials, monitoring of Modbus SCADA protocols and self destruct. The self destruct function can damage the router.

Summary

Researchers of Cisco Talos Intelligence have discovered an advanced malware infecting consumer grade routers worldwide. The malware has advanced capabilities for performing large scale attacks as well as intercepting and exfiltrating local traffic.

List of affected router models can be found on the Talos Intelligence blog, please not that this list may still be incomplete.

Recommend action

Perform a factory reset and reconfigure the device.
Upgrade the firmware as soon as updates are available.
Due to the potential for destructive action by the threat actor, we recommend that these actions be taken for all SOHO or NAS devices, whether or not they are known to be affected by this threat.

Version history

1.0 Initial document
1.1 Update to vendors affected