Ukraine warns of possible Russian cyber attack

World
Europe

Hackers have infected at least 500,000 routers and storage devices in dozens of countries, some of the world’s biggest cybersecurity firms warned on Wednesday, in a campaign that Ukraine said was preparation for a future Russian cyber attack.

The US Department of Homeland Security said it was investigating the malware, which targets devices from Linksys, MikroTik, Netgear Inc, TP-Link and QNAP, advising users to install security updates.

Ukraine’s SBU state security service said the activity showed Russia was readying a large-scale cyber attack ahead of the Champions League soccer final, due to be held in Kiev on Saturday.

Cisco Systems Inc, which has been investigating the threat for several months, has high confidence that the Russian government is behind the campaign, according to Cisco researcher Craig Williams.

He cited the overlap of hacking code with malware used in previous cyber attacks that the US government have attributed to Moscow.

Cisco, which uncovered the campaign several months ago, alerted authorities in Ukraine and the US before going public with its findings of the malware it dubbed VPNFilter.

It also shared technical details with rivals who sell security software, hardware, and services so they could issue alerts to their customers and protect against the threat.

Cisco described the mechanisms that the malware uses to hide communications with hackers and a module that targets industrial networks like ones that operate electric grids, said Michael Daniel, the chief executive officer of Cyber Threat Alliance, a nonprofit group.

“We should be taking this pretty seriously,” said Daniel, whose group’s 17 members include Cisco, Check Point Software Technologies Ltd, Palo Alto Networks Inc, and Symantec Corp.

Cybersecurity firms, governments and corporate security teams closely monitor events in Ukraine, where some of the world’s most costly and destructive cyber attacks have been launched.

Cisco said it does not know what the hackers have planned. The malware could be used for espionage, to interfere with internet communications or launch a destructive attack like NotPetya, according to Williams.

The Kremlin did not immediately respond to a request for comment. Russia has denied assertions by nations including Ukraine and Western cyber-security firms that it is behind a massive global hacking program that has included attempts to harm Ukraine’s economy and interfering in the 2016 US presidential election.

Source(s): Reuters