Notebookcheck Logo

Russia accused of plotting massive VPNFilter malware attack

Talos has estimated that VPNFilter has infected devices in at least 54 countries. (Source: Cisco)
Talos has estimated that VPNFilter has infected devices in at least 54 countries. (Source: Cisco)
There has been a report published stating at least 500,000 networking devices around the world have been infected by malware known as VPNFilter. It has been speculated that Russian state-sponsored hackers are behind the attack due to the activity specifically aimed at devices based in the Ukraine. Apparently, VPNFilter offers both intelligence-gathering and destructive capabilities.

A report published by Cisco Talos Intelligence Group has stated that over half a million network devices worldwide have been exposed to the VPNFilter malware. The software is capable of operating in an intelligence-gathering mode by stealing website credentials and monitoring network usage, and it is also able to provide a disconcerting destructive functionality that can shutdown infected devices. The statement from Talos provides information about the most likely affected devices:

The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices.

A warning on the website for the US Computer Emergency Readiness Team (US-CERT) advises those with devices that might be infected to make sure all necessary security patches are downloaded and installed. Because of the apparent focus on networking devices in the Ukraine, it has been widely speculated that Russia is behind VPNFilter, with a possibility that there is intent to cause major disruption before the Champions League final, which is taking place in the Ukrainian capital of Kiev on Saturday.

This is not the first time Russia has been accused of planning such an attack. The Talos report mentions that the VPNFilter malware comes with a self-destruct ability, which if used would leave the infected device inoperable:

Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.


static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2018 05 > Russia accused of plotting massive VPNFilter malware attack
Daniel R Deakin, 2018-05-24 (Update: 2018-05-24)