VPNFilter Update – VPNFilter exploits endpoints, targets new devices

June 6, 2018 - 3 Comments


Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding “VPNFilter.” In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints. Talos recently published a blog about a broad campaign that delivered VPNFilter to small home-office network devices, as well as network-attached storage devices. As we stated in that post, our research into this threat was, and is, ongoing. In the wake of that post, we have had a number of partners step forward with additional information that has assisted us in our work. This post is an update of our findings over the past week.

Read more here.




  1. The news has gone strangely quiet on this topic. It's July and I haven't heard any progress reports. None from my router's manufacturer either.

  2. I have a Linksys E3000 router which I read is possibly vulnerable to VPNFilter……ssler malware.
    How can I determine if it is already loaded on my system?
    Is there a repair protocol or procedure to clean, or a patch?


    • I've the same question. I have the E3000 router. I did not see any updated firmware to handle/fix this vulnerability. What's the recommendation?