In late May, malware known as VPNFilter began targeting routers from Linksys, MikroTik, Netgear, QNAP and TP-Link, as well as network-attached storage (NAS) devices from QNAP. The malware operates in three stages. In the first stage, it is installed and maintains a persistent presence on the device so that it can contact a command-and-control (C&C) server to download additional modules.