Skip to Content

Attack on Cisco routers just got a lot bigger

A 10801A 10801

A major cyber attack on routers from Cisco Systems is worse than previously believed, according to a report Monday by security research group Shadowserver Foundation.

Hackers have installed a nasty type of malware called SYNfull Knock on nearly 200 Cisco routers used by businesses worldwide, the report said. The malware is dangerous because it lets attackers hijack the devices used to direct Internet traffic and steal company data.

Previously, cyber security firm FireEye (FEYE) reported that only 14 Cisco (CSCO) routers of companies in India, Philippines, Mexico, and the Ukraine were infected with the malware. Monday’s report by the Shadowserver Foundation, however, shows that compromised routers can now be found in 31 countries, with 65 of the devices located in the United States.

Based on the report, it seems that the U.S. is a significant target of whoever is responsible for the hacks. India comes in second after the U.S. with 12 tampered routers followed by Russia, which has 11.

The report does not list which companies have been affected. There have been no reports of company information being stolen as a result of the vulnerability.

Shadowserver partnered with Cisco to address the malware attack, according to a blog post written by Omar Santos, a principal engineer of Cisco’s product security incident response team. Both Cisco and Shadowserver are scanning the Internet to determine the severity of the router infections, Santos explained.

“We believe this activity supports Cisco efforts that are already underway to identify and alert customers to potential exposures,” Santos wrote.

The SYNfull Knock malware is said to affect older Cisco router models that are no longer being sold. Cisco recently posted a information online to help users whose equipment is infected with the bug. Last week, a Cisco spokesperson told Reuters that Cisco has reached out to customers and is telling them how to “harden their network, and prevent, detect and remediate this type of attack.”

At that time FireEye CEO Dave DeWalt told Reuters that the malware attack was so sophisticated only “a handful of nation-state actors” could pull it off.

DeWalt did not say which countries are suspected to be responsible for carrying out the attack.

Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.

For more on cyber security, check out the following Fortune video: