The Federal Bureau of Investigation (FBI) reported last week that new malware known as VPNFilter has infected over half a million routers. The malware mostly targets routers used in home and small offices and is able to monitor traffic, cut off access to the internet, or even wipe routers. The malware is linked to the Russian "Sofacy Group" and "Fancy Bear" (the same group that was responsible for the Democratic National Committee cyber-attacks). To date, the FBI has seized the domain (toknowall.com) used to send commands to the infected routers.
While our clients' business routers and firewalls are not susceptible to this new threat, many home internet routers/firewalls may be vulnerable. We have been monitoring this latest threat and want to notify our clients that home users should reboot their internet router/firewall immediately.
According to the FBI, routers from Linksys, Netgear, TP-Link, and MikroTik are vulnerable, and rebooting these routers is recommended. If you are unsure of the make or model of your router, we recommend unplugging the power for one minute and plugging it back in to reboot the device.
Below is a list of routers identified as vulnerable to VPNFilter according to Cisco:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- MikroTik (Versions 1016, 1036, and 1072)
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- QNAP NAS running QTS software
- TP-Link R600VPN
Again, to help reduce exposure to this widespread malware, the FBI and security firms are urging users to turn off any remote administration features, reboot routers and network-attached storage (NAS) devices, and ensure routers are running on the latest firmware.