Routers from a variety of vendors are vulnerable to VPNFilter. Photo: Thomas Trutschel/Photothek via Getty Images
Cisco's Talos research group outlined a malware threat that has already infected 500,000 routers in 54 countries from a variety of manufacturers, with code substantially overlapping with known Russian attacks.
Why it matters: The threat, nicknamed VPNFilter, can infect Linksys, MikroTik, NETGEAR and TP-Link small business and home office routers as well as network storage devices. It can steal website credentials, monitor commands to industrial systems and launch destructive attacks against the devices it infects. And it can do all of this beyond the reach of many types of network defenses that don't protect routers.
How it links to Russian intelligence: The code in VPNFilter overlaps with Russia's BlackEnergy malware that has been used to attack energy infrastructure in Ukraine. The Talos report notes this is not a definitive link (another attacker may be co-opting Russian malware), but VPNFilter is aggressively targeting Ukraine.