New Malware: VPNFilter

A new malware, believed to be linked to Russia, has compromised home and office routers and other networked devices worldwide. The malware, known as “VPNFilter,” has affected more than half a million routers so far, and the threat continues to grow. It is able to perform multiple functions, including information collection, device exploitation, and blocking network traffic.

VPNFilter Details

VPNFilter targets SOHO routers and network-access storage (NAS) devices. The impact and scope of the malware is significant with targeted routers from several manufacturers. Models include ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link, Ubiquiti, UPVEL, and ZTE.


VPNFilter is able to render small office and home office routers inoperable, and it can potentially collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption. The VPNFilter botnet uses several stages of malware, and experts continue to discover new aspects of the malware. Most recently, Cisco’s Talos discovered a new stage 3 module called “ssler” that injects malicious content into web traffic as it passes through a network device.

Who is Behind the Attack?

The U.S. Justice Department opens in a new window blames the malware on the Russian Sofacy Group, also known as Pawn Storm, Fancy Bear, and Sednit. The group targets government, military, and security organizations, and other targets of perceived intelligence value.

The FBI Recommends Rebooting Your Router

The FBI responded to the threat by seizing a domain used by the attackers. This was a critical step in minimizing the impact of the malware. However, this step didn’t solve the entire issue. Therefore, there are a few steps you should take to protect yourself. The FBI opens in a new window recommends that “any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.” You should also disable the remote access feature on devices, change your default password to a strong one, and upgrade your device to the latest version of firmware.

Date Posted: 6/12/18
Date Last Updated: 6/4/19

By: RTI Marketing Team

Riverside Technologies, Inc. (RTI) specializes in managed services, IT hardware, warehouse services, and technology deployment.

Our solutions can help you achieve your goals.

Contact Us

Categories: Security

The owner of this website has made a commitment to accessibility and inclusion, please report any problems that you encounter using the contact form on this website. This site uses the WP ADA Compliance Check plugin to enhance accessibility.