ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE: these are the vendors newly named by Cisco’s Talos Intelligence as having kit exploited by the malware scum running the VPNFilter attacks, and the attack’s been spotted hitting endpoints behind vulnerable kit.
As well as the expanded list of impacted devices, Talos warned that VPNFilter now attacks endpoints behind the firewall, and now sports a “poison pill” to destroy an infected device if necessary.
When first discovered, VPNFilter was spotted in half a million devices – but only in SOHO devices from Linksys, MikroTik, Netgear, and TP-Link, plus QNAP storage kit.
As well as the six new vendors added to the list, Talos said more devices from Linksys, MikroTik, Netgear, and TP-Link are affected. Talos noted that to date, all the vulnerable units are consumer-grade or SOHO-grade.
All in all, it seems the early VPNFilter attacks amounted to a dry run to see if there were enough vulnerable boxen to make the effort worthwhile.