Menu
Asus, D-Link and Huawei devices also targeted in global malware campaign

Asus, D-Link and Huawei devices also targeted in global malware campaign

Six other vendors have been targeted in the malware attack that infected 500,000 devices

Cisco cyber intelligence unit Talos has found that the actor behind the global VPNFilter malware campaign also targeted Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE devices.

On 23 May, Talos warned that hackers had infected at least 500,000 networking devices in 54 countries. At the time, the known affected vendors were Linksys, MikroTik, Netgear and TP-Link.

Small and home office (SOHO) and QNAP network-attached storage (NAS) devices were the targeted devices.

Now Talos believes the actor, which it claims is likely state-sponsored or state-affiliated, has also targeted the devices of six additional vendors, including Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.

"The list of makes and models at risk is getting longer. We'd urge users to check to see if their device is being targeted by this bad actor, and take the recommended steps to protect themselves," Cisco Talos outreach leader Craig Williams said.

Since its preliminary findings, Talos has now found there is a way for the attacker to inject malicious content into web traffic as it passes through network device without the user's knowledge. 

This is done through a new stage 3 module that allows the actor to deliver exploits to endpoints via a man-in-the-middle capability. In other words, the hacker intercept network traffic and inject malicious code into it without the user's knowledge.

Talos has also discovered an additional stage 3 module that provides any stage 2 module that lacks the kill command the capability to disable the device. When executed, this module specifically removes traces of the VPNFilter malware from the device and then renders the device unusable.

According to Talos, this makes it clear that the VPNFilter threat was meant to leverage the victim's devices in a much bigger way.

"The technical sophistication of this attack is like nothing we've ever seen before. The bad guys continue to innovate and iterate using a modular approach. Our research into this show they can deliver threats to the endpoint and network. Once you can inject code you can quite literally do anything- steal passwords, install software…"  Cisco Talos vice president Matt Watchinski said.

Cisco Talos said in a statement that the VPNFilter attack is more significant than originally thought but reaffirms that the attack did not compromise enterprise-grade routers, including all Cisco routers and switches.



Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareD-LinkLinksysnetgearHuaweiasusTP-LinkZTEUbiquitiVPNFilterMikroTikUPVELCisco Talos

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments