Cisco’s Talos security group has discovered new details on the VPNFilter modular malware threat since they first revealed the campaign late last month.
Talos says that VPNFilter is now targeting more makes and models of devices than the company initially thought. VPNFilter has also gained new capabilities, including the ability to deliver exploits to endpoints.
“These new vendors are ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. New devices were also discovered from Linksys, MikroTik, Netgear, and TP-Link. Our research currently shows that no Cisco network devices are affected,” Talos said in a recent blog post.
Talos also discovered a new stage 3 module (aka “ssler”) that injects malicious content into web traffic as it passes through a network device. According to further analysis, this stage 3 module allows a threat actor to deliver exploits to endpoints via a man-in-the-middle capability without the user’s knowledge.
Another module, dubbed “dstr”, is used to remove traces of VPNFilter and then render the device unusable.
Further details on both ssler and dstr have also been provided in the Talos report.