VPNFilter Malware Info (aka Russian Hack)

VPNFilter Malware

(Note: VPNFilter Malware is also called  Russian Hack, Sofacy, Fancy Bear, APT 28, and Pawn Storm)

VPNFilter is malicious software that has been installed by remote users onto some routers made by a number of companies.  However, we know of no case where it has been installed on a Motorola cable modem/router, DSL modem/router, or router.  Because of the Broadcom technology used in all of the following products, they are far less vulnerable to attack than routers made by many other companies: MG7310, MG7315, MG7540, MG7550, MG7700,  MD1600.

VPNFilter is believed to install itself by targeting known vulnerabilities of some products but not ours.  VPNFilter focuses its attacks on devices that run Linux based software running on the embedded operating system, BusyBox.  The products listed above do not run this vulnerable operating system.

VPNFilter is a very targeted attack. Although the Motorola MR1700, MR1900, and MR2600 do run Linux based software on BusyBox they have not been targeted in a VPNFilter attack.  However, this attack highlights the need to do basic things that help secure your router and network.  Motorola recommends that you consider doing the following:


  1. Only allow remote access if you need it. None of our products has remote access turned on when it’s fresh from the factory.  You should only turn on remote access if you want to use it.


  1. Change the password for logging into your modem. (This is not the same password as your wireless password). Many attacks take advantage of default passwords to gain access to a router that has remote access turned on. Our products’ instructions describe how to take the simple step of changing the remote access password.
    Instructions to change password HERE


If you have any questions or need our Technical Support, please email or call us at:


Monday-Friday 8:30am-10pm.  Saturday 8:30am-5pm Eastern Time


Have more questions? Submit a request


Article is closed for comments.