Menu
Asus, D-Link and Huawei devices also targeted in global malware campaign

Asus, D-Link and Huawei devices also targeted in global malware campaign

Six other vendors have been targeted in the malware attack that infected 500,000 devices

Cisco cyber intelligence unit Talos has found that the actor behind the global VPNFilter malware campaign also targeted Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE devices.

On 23 May, Talos warned that hackers had infected at least 500,000 networking devices in 54 countries. At the time, the known affected vendors were Linksys, MikroTik, Netgear and TP-Link.

Small and home office (SOHO) and QNAP network-attached storage (NAS) devices were the targeted devices.

Now Talos believes the actor, which it claims is likely state-sponsored or state-affiliated, has also targeted the devices of six additional vendors, including Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.

"The list of makes and models at risk is getting longer. We'd urge users to check to see if their device is being targeted by this bad actor, and take the recommended steps to protect themselves," Cisco Talos outreach leader Craig Williams said.

Since its preliminary findings, Talos has now found there is a way for the attacker to inject malicious content into web traffic as it passes through network device without the user's knowledge. 

This is done through a new stage 3 module that allows the actor to deliver exploits to endpoints via a man-in-the-middle capability. In other words, the hacker intercept network traffic and inject malicious code into it without the user's knowledge.

Talos has also discovered an additional stage 3 module that provides any stage 2 module that lacks the kill command the capability to disable the device. When executed, this module specifically removes traces of the VPNFilter malware from the device and then renders the device unusable.

According to Talos, this makes it clear that the VPNFilter threat was meant to leverage the victim's devices in a much bigger way.

"The technical sophistication of this attack is like nothing we've ever seen before. The bad guys continue to innovate and iterate using a modular approach. Our research into this show they can deliver threats to the endpoint and network. Once you can inject code you can quite literally do anything- steal passwords, install software…"  Cisco Talos vice president Matt Watchinski said.

Cisco Talos said in a statement that the VPNFilter attack is more significant than originally thought but reaffirms that the attack did not compromise enterprise-grade routers, including all Cisco routers and switches.



Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareD-LinkLinksysnetgearHuaweiasusTP-LinkZTEUbiquitiVPNFilterMikroTikUPVELCisco Talos

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments