Russian hackers infect over 500,000 routers worldwide with malware
According to researchers from Cisco's cyber intelligence unit Talos, Russian hackers have infected over 500,000 routers and network devices in at least 54 countries with a sophisticated malware called VPNFilter. The malware can be used for spying, "intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities." Routers from Linksys, MikroTik, Netgear, and TP-Link have been affected.
VPNFilter contains a killswitch for routers, can steal passwords
The malware can halt internet access for all devices connected to the affected router. It can be used to remotely monitor web activity, launch attacks, and download other malware. It also contains an auto-destruct feature that hackers can remotely activate to delete the malware. Through it, hackers can monitor industrial networks and control systems, steal their login credentials, and seize control of industrial processes.
The US government's takedown effort, disruption of "botnet"
According to reports, the FBI has already seized an internet domain that was being used by the Russian hackers to control the infected devices. The Russian hacking group called Sofacy (also known as APT28 and Fancy Bear), which is believed to be behind the attack, has been targeting government, military, and security organizations since 2007. Users are recommended to factory reset their routers and update their devices.
Concerns over Russia planning a cyberattack against Ukraine
According to Talos, the malware is most "likely state-sponsored" and can be used in an upcoming cyberattack on Ukraine, which could be as soon as June 28. Security researchers said VPNFilter shares code with known Russian cyberattacks. Further, on May 8 and May 17, the malware infected routers in Ukraine at an "alarming rate." It could be used for espionage and disrupting internet communications.
Ukraine has previously blamed Russia for massive cyberattacks
In June 2017, the "NotPetya" ransomware, which has been called the "most destructive cyberattack ever", disabled computer systems in Ukraine. In 2016, Russia allegedly hacked Ukraine's power grid causing a nation-wide blackout. As mentioned before, they used malware to target industrial control systems.