Cisco’s Talos security intelligence group has reported on their discovery of a new malware variant called VPNFilter that is targeting home routers and firewalls. Cisco claims the malware has infected at least 500,000 home devices, primarily focused on home and small business routers and network connected storage devices. Brands impacted by the attack include Netgear, TP-Link, Linksys, Microtik, and QNAP.

Given the potential that the hacked routers were used against Ukrainian targets, it is believed that Russian government is behind the mass compromise. Infected routers can be used as private VPN leap boxes to proxy other malicious activity and can also be used as a multipurpose spy tool. Most concerning to security experts is a hidden “self destruct” feature that can cause the infected devices to become inoperable or “bricked” upon command.

According to the Cyber Threat Alliance, one intermediate step users can take is to reboot their home router which removes some of the malware (though it can be re-infected later). A more permanent fix will require that users reinstall the devices firmware. News of the mass compromise comes just one week after DHS released their cyber strategy and two weeks following Estonia’s report on Russian security threats.

For more details, read the Talos Blog Post