Story image

VPNFilter hits more networking devices: ASUS, D-Link, Huawei amongst those affected

08 Jun 2018

Cisco Talos says the VPNFilter malware currently infecting hundreds of thousands of endpoint devices is going after more devices than they initially thought.

The VPNFilter malware surfaced at the end of May and had targeted at least 500,000 routers and storage devices produced by Linksys, Microtik, Netgear, QNAP, and TP-Link.

This week researchers says the malware is targeting even more home-office network and network-attacked storage devices, including ASUS, D-Link, Huawei, Ubiquiti, Upvel, and ZTE.

Researchers say the malware also has new capabilities that allow it to inject malicious content into web traffic as it passed through an infected device.

“ The new module allows the actor to deliver exploits to endpoints via a man-in-the-middle capability (e.g. they can intercept network traffic and inject malicious code into it without the user's knowledge). With this new finding, we can confirm that the threat goes beyond what the actor could do on the network device itself, and extends the threat into the networks that a compromised network device supports,” they state.

“Additionally, we've discovered an additional stage 3 module that provides any stage 2 module that lacks the kill command the capability to disable the device. When executed, this module specifically removes traces of the VPNFilter malware from the device and then renders the device unusable.”

Cisco Talos says it will continue to monitor the VPNFilter threat and work with partners to understand it. 

Read our previous coverage about the VPNFilter threat here.

The full list of affected devices is below. Cisco warns that this list may still be incomplete.

ASUS DEVICES:

  • RT-AC66U (new)
  • RT-N10 (new)
  • RT-N10E (new)
  • RT-N10U (new)
  • RT-N56U (new)
  • RT-N66U (new)

D-LINK DEVICES:

  • DES-1210-08P (new)
  • DIR-300 (new)
  • DIR-300A (new)
  • DSR-250N (new)
  • DSR-500N (new)
  • DSR-1000 (new)
  • DSR-1000N (new)

HUAWEI DEVICES:

  • HG8245 (new)

LINKSYS DEVICES:

  • E1200
  • E2500
  • E3000 (new)
  • E3200 (new)
  • E4200 (new)
  • RV082 (new)
  • WRVS4400N

MIKROTIK DEVICES:

  • CCR1009 (new)
  • CCR1016
  • CCR1036
  • CCR1072
  • CRS109 (new)
  • CRS112 (new)
  • CRS125 (new)
  • RB411 (new)
  • RB450 (new)
  • RB750 (new)
  • RB911 (new)
  • RB921 (new)
  • RB941 (new)
  • RB951 (new)
  • RB952 (new)
  • RB960 (new)
  • RB962 (new)
  • RB1100 (new)
  • RB1200 (new)
  • RB2011 (new)
  • RB3011 (new)
  • RB Groove (new)
  • RB Omnitik (new)
  • STX5 (new)

NETGEAR DEVICES:

  • DG834 (new)
  • DGN1000 (new)
  • DGN2200
  • DGN3500 (new)
  • FVS318N (new)
  • MBRN3000 (new)
  • R6400
  • R7000
  • R8000
  • WNR1000
  • WNR2000
  • WNR2200 (new)
  • WNR4000 (new)
  • WNDR3700 (new)
  • WNDR4000 (new)
  • WNDR4300 (new)
  • WNDR4300-TN (new)
  • UTM50 (new)

QNAP DEVICES:

  • TS251
  • TS439 Pro
  • Other QNAP NAS devices running QTS software

TP-LINK DEVICES:

  • R600VPN
  • TL-WR741ND (new)
  • TL-WR841N (new)

UBIQUITI DEVICES:

  • NSM2 (new)
  • PBE M5 (new)

UPVEL DEVICES:

  • Unknown Models* (new)

ZTE DEVICES:

  • ZXHN H108N (new)
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.