The Cyber Threat Alliance (CTA) posted an update on VPNFilter, the perilous malware first reported in May 2018. According to its blog, the combined efforts of federal law enforcement, members of the CTA and affected networks blunted the most dangerous aspect of the multistage malware.
Here is an excerpt from the report by Neil Jenkins:
… the destructive module of VPNFilter was never employed. So that’s a good thing. Based on our collective visibility it appears that VPNFilter activity has been severely degraded since the release of information in May and operational coordination actions with law enforcement, intelligence organizations, and CTA and its members. Talos has seen no signs of the actor trying to reconnect with the devices that still have the Stage 1 malware, and most C2 channels for the malware have been mitigated. While it is highly unlikely that the highly capable actor behind VPNFilter has stopped their activities, it does appear that they were forced to abandon the VPNFilter framework due to these coordinated actions.