By Barry Eitel
SAN FRANCISCO (AA) – Cybersecurity firms on Wednesday warned that hackers have infiltrated some 500,000 routers and other devices worldwide in a campaign apparently targeting Ukraine.
Both the government of Ukraine and the Department of Homeland Security in the United States have pointed to Russia as the culprit behind the cyberattack.
Analysts at Talos, the cybersecurity division of computer systems company Cisco, say that malware called VPNFilter has infiltrated devices in some 54 nations.
"While this isn't definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control infrastructure dedicated to that country," Talos said in an announcement.
Talos echoed sentiments from the DHS that VPNFilter is related to code discovered in other, earlier Russian hacking operations. The attack appears either related to a national holiday in Ukraine, Constitution Day, scheduled for next month, or the upcoming UEFA Champions League soccer final scheduled to take place in Kiev on May 26.
The Security Service of Ukraine (SBU) warned Wednesday that it expected a large-scale hacking to occur related to VPNFilter ahead of the match.
The malware apparently targets routers and other systems that often do not have cybersecurity protections.
“The types of devices targeted by this actor are difficult to defend,” Talos said.
Alarmingly, VPNFilter appears able to both shut down devices and possibly delete other software.
“VPNFilter has a destructive capability that can make the affected device unusable,” the DHS said in an alert Wednesday. “Because the malware can be triggered to affect devices individually or multiple devices at once, VPNFilter has the potential to cut off internet access for hundreds of thousands of users.”
In 2017, hackers linked to the Russian government by the U.S. launched the global NotPetya malware attack around the Ukrainian holiday. Since Russia annexed Crimea four years ago, the government has been connected to multiple cyberattacks impacting Ukraine.