www.belgium.be Logo of the federal government

VPNFilter malware targets networking devices worldwide

Advisory #2018-018
Affected software: 
consumer-grade routers made by Asus,D-Link,Huawei,Linksys, MikroTik, Netgear, TP-Link,Ubiquiti,Upvel,ZTE and network-attached storage devices from QNAP. The device lists on the Talos and Symantec blog posts are incomplete, it is possible more device types
IoT botnet




The malware is capable of file collection, command execution, data exfiltration, device management, theft of website credentials, monitoring of Modbus SCADA protocols and self destruct. The self destruct function can damage the router.


Researchers of Cisco Talos Intelligence have discovered an advanced malware infecting consumer grade routers worldwide. The malware has advanced capabilities for performing large scale attacks as well as intercepting and exfiltrating local traffic. List of affected router models can be found on the Talos Intelligence blog, please not that this list may still be incomplete.

Recommended Actions

Perform a factory reset and reconfigure the device.
Upgrade the firmware as soon as updates are available.
Due to the potential for destructive action by the threat actor, we recommend that these actions be taken for all SOHO or NAS devices, whether or not they are known to be affected by this threat.

More Information

Version history

1.0 Initial document
1.1 Update to vendors affected