Router Fire

VPNFilter and Hidden Cobra

The Malware known as “VPNFilter” has infected over a million routers and can manipulate your internet traffic, harvest personal information, and serve as a launch point  for various internet attacks. More information on the report from Cisco can be found at this link. also has an article on this and what you need to know.

A recent discovery that new router-based malware, known as VPNFilter, had infected well over 500,000 routers just became even worse news. In a report expected to be released June 13, Cisco states that over 200,000 additional routers have been infected and that the capabilities of VPNFilter are far worse than initially thought. Ars Technica has reported on what to expect from Cisco Wednesday.

VPNFilter is malware that is installed on a Wi-Fi router. It has already infected almost one million routers across 54 countries, and the list of devices known to be affected by VPNFilter contains many popular consumer models. It’s important to note that VPNFilter is not a router exploit that an attacker can find and use to gain access — it is software that is installed on a router unintentionally that is able to do some potentially terrible things…”

Also in the news, but not grabbing nearly as much of the spotlight, is Hidden Cobra from North Korea’s cyberwar unit (which has apparently been active since 2009). It boils down to a remote control agent and a worm that crawls through networks. US-CERT reports that nodes for the malware were found in 17 different countries.

Networks fully managed by HTS are protected by enterprise class firewalls and wireless access points (routers) that are constantly monitored, managed and kept up-to-date. In addition, we utilize advanced endpoint security, network policies, and various forms of filtering to prevent infections and block known “Command and  Control” servers used by VPNFilter, Hidden cobra, and other threats. We take security seriously and are constantly working to stay ahead of threats like these and improve the collective security of the networks we manage. It’s unlikely that Hidden Cobra or VPNFilter will infect our managed environments, but home users as well as business networks that are not fully managed or utilize outdated and/or consumer grade equipment are most definitely at risk.

To fix the VPNFilter vulnerability you essentially need to perform a factory reset on your router, and then download the latest firmware and update. This can be difficult if your router is provided by your ISP and your ISP’s support is unhelpful. For additional details, consult your router’s manufacturer website, and check out the instructions from Android Central. If your router is a nightmare to manage or update, then that’s a pretty good sign it’s time to replace it!

Leave a Reply

Your email address will not be published. Required fields are marked *