Other official information and services: www.belgium.be

VPNFilter malware targets networking devices worldwide

Reference:

Advisory #2018-018

Version:

1.0

Affected software:

consumer-grade routers made by Asus,D-Link,Huawei,Linksys, MikroTik, Netgear, TP-Link,Ubiquiti,Upvel,ZTE and network-attached storage devices from QNAP. The device lists on the Talos and Symantec blog posts are incomplete, it is possible more device types

Type:

IoT botnet

Date:

31/05/2018

Sources

https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.bleepingcomputer.com/news/security/nation-state-group-hacked...

Risks

The malware is capable of file collection, command execution, data exfiltration, device management, theft of website credentials, monitoring of Modbus SCADA protocols and self destruct. The self destruct function can damage the router.

Description

Researchers of Cisco Talos Intelligence have discovered an advanced malware infecting consumer grade routers worldwide. The malware has advanced capabilities for performing large scale attacks as well as intercepting and exfiltrating local traffic. List of affected router models can be found on the Talos Intelligence blog, please not that this list may still be incomplete.

Recommended Actions

Perform a factory reset and reconfigure the device.
Upgrade the firmware as soon as updates are available.
Due to the potential for destructive action by the threat actor, we recommend that these actions be taken for all SOHO or NAS devices, whether or not they are known to be affected by this threat.

More Information

Version history

1.0 Initial document
1.1 Update to vendors affected