Story image

VPNFilter hits more networking devices: ASUS, D-Link, Huawei amongst those affected

08 Jun 2018

Cisco Talos says the VPNFilter malware currently infecting hundreds of thousands of endpoint devices is going after more devices than they initially thought.

The VPNFilter malware surfaced at the end of May and had targeted at least 500,000 routers and storage devices produced by Linksys, Microtik, Netgear, QNAP, and TP-Link.

This week researchers says the malware is targeting even more home-office network and network-attacked storage devices, including ASUS, D-Link, Huawei, Ubiquiti, Upvel, and ZTE.

Researchers say the malware also has new capabilities that allow it to inject malicious content into web traffic as it passed through an infected device.

“ The new module allows the actor to deliver exploits to endpoints via a man-in-the-middle capability (e.g. they can intercept network traffic and inject malicious code into it without the user's knowledge). With this new finding, we can confirm that the threat goes beyond what the actor could do on the network device itself, and extends the threat into the networks that a compromised network device supports,” they state.

“Additionally, we've discovered an additional stage 3 module that provides any stage 2 module that lacks the kill command the capability to disable the device. When executed, this module specifically removes traces of the VPNFilter malware from the device and then renders the device unusable.”

Cisco Talos says it will continue to monitor the VPNFilter threat and work with partners to understand it. 

Read our previous coverage about the VPNFilter threat here.

The full list of affected devices is below. Cisco warns that this list may still be incomplete.

ASUS DEVICES:

  • RT-AC66U (new)
  • RT-N10 (new)
  • RT-N10E (new)
  • RT-N10U (new)
  • RT-N56U (new)
  • RT-N66U (new)

D-LINK DEVICES:

  • DES-1210-08P (new)
  • DIR-300 (new)
  • DIR-300A (new)
  • DSR-250N (new)
  • DSR-500N (new)
  • DSR-1000 (new)
  • DSR-1000N (new)

HUAWEI DEVICES:

  • HG8245 (new)

LINKSYS DEVICES:

  • E1200
  • E2500
  • E3000 (new)
  • E3200 (new)
  • E4200 (new)
  • RV082 (new)
  • WRVS4400N

MIKROTIK DEVICES:

  • CCR1009 (new)
  • CCR1016
  • CCR1036
  • CCR1072
  • CRS109 (new)
  • CRS112 (new)
  • CRS125 (new)
  • RB411 (new)
  • RB450 (new)
  • RB750 (new)
  • RB911 (new)
  • RB921 (new)
  • RB941 (new)
  • RB951 (new)
  • RB952 (new)
  • RB960 (new)
  • RB962 (new)
  • RB1100 (new)
  • RB1200 (new)
  • RB2011 (new)
  • RB3011 (new)
  • RB Groove (new)
  • RB Omnitik (new)
  • STX5 (new)

NETGEAR DEVICES:

  • DG834 (new)
  • DGN1000 (new)
  • DGN2200
  • DGN3500 (new)
  • FVS318N (new)
  • MBRN3000 (new)
  • R6400
  • R7000
  • R8000
  • WNR1000
  • WNR2000
  • WNR2200 (new)
  • WNR4000 (new)
  • WNDR3700 (new)
  • WNDR4000 (new)
  • WNDR4300 (new)
  • WNDR4300-TN (new)
  • UTM50 (new)

QNAP DEVICES:

  • TS251
  • TS439 Pro
  • Other QNAP NAS devices running QTS software

TP-LINK DEVICES:

  • R600VPN
  • TL-WR741ND (new)
  • TL-WR841N (new)

UBIQUITI DEVICES:

  • NSM2 (new)
  • PBE M5 (new)

UPVEL DEVICES:

  • Unknown Models* (new)

ZTE DEVICES:

  • ZXHN H108N (new)
Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.
Ping Identity offerings accelerates cloud MFA and SSO adoption
90% of respondents trust MFA as an effective security control to protect identity data in public clouds, yet only 60% of organisations have formally adopted it.
Cloud innovation driving NZ IT services market, says IDC
Managed services makes up the largest portion of total IT services revenue. However, the project-oriented market achieved the highest YoY growth.
Ingram launches CRM backup on cloud marketplace
AvePoint Cloud Backup for Dynamics 365 is a multi-tenant solution, designed with specific features to enable channel partners and MSPs.
Trend Micro introduces cloud and container workload security offering
Container security capabilities added to Trend Micro Deep Security have elevated protection across the DevOps lifecycle and runtime stack.
Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.
Veeam enables secondary storage solutions with technology partner program
Veeam has worked with its strategic technology alliance partners to provide flexible deployment options for customers that have continually led to tighter levels of integration.
Veeam Availability Orchestrator update aims to democratise DR
The ability to automatically test, document and reliably recover entire sites, as well as individual workloads from backups in a completely orchestrated way lowers the total cost of ownership (TCO) of DR.