As many as 500,000 devices in 54 countries might be compromised.
Cisco released the report on Wednesday after observing a spike this month in infections in the Ukraine, which accused Russian Federation of planning an attack to coincide with Saturday's Champions Cup final in Kiev.
VPNFilter has also been targeting devices in Ukraine, which Talos notes "isn't definitive by any means".
The U.S. government says it has seized a critical web domain, called toknowall.com, which the Russian hackers were using to disseminate the malware.
The FBI on Friday sent out a notice recommending that anyone with a small office or home office router reboot (turn on and off) their devices to stop the malware. The devices should then be secured with passwords and encryption.More news: Rockets lose Game 7 to Warriors 101-92
Having the malware on your router puts you at risk of data theft - any data travelling through the router is at risk - as well as DDOS attacks and attacks on other devices.
If you have a home or small business router that allows you to run phones, tablets and other devices over a Wi-Fi network, there is an important message you need to know about that was disseminated by the Federal Bureau of Investigation.
See: What is phishing?
"They can literally just decide they're going to kill off your Internet connection", Colburn said.
The addresses are being shared with the non-profit cyber security group, The Shadowserver Foundation, which will disseminate the addresses to foreign CERTs and ISPs.
Cisco's analysis found that VPNFilter has a two-stage infection process, with the first stage being capable of surviving a reboot. IoT started with computers, phones and tablets, but quickly has expanded to include voice-over-internet phone services, doorbells, security camera networks, thermostats, connected home devices such as Alexa, and even refrigerators.