Hackers infect more than 500,000 devices as malicious attack looms

Tech giant has high confidence that Russian government is behind the campaign

Cisco has warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with sophisticated malicious software - activity Ukraine said was preparation for a future Russian cyber attack.

Cisco's Talos cyber intelligence unit has high confidence that the Russian government is behind the campaign, according to Cisco researcher Craig Williams, because the hacking software shares code with malware used in previous cyber attacks that the US Government has attributed to Moscow.

Talos said in a blog post that it estimated the number of infected devices to be at least 500,000 in at least 54 countries. 

"The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices," it said. "No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues."

Ukraine's SBU state security service said the activity showed Russia was readying a large-scale cyber attack against Ukraine ahead of the Champions League soccer final, due to be held in Kiev on Saturday.

"Security Service experts believe the infection of hardware on the territory of Ukraine is preparation for another act of cyber aggression by the Russian Federation aimed at destabilising the situation during the Champions League final," it said in a statement after Cisco's findings were released.

Russia has previously denied assertions by Ukraine, the United States, other nations and Western cyber security firms that it is behind a massive global hacking program, which has included attempts to harm Ukraine's economy and interference in the 2016 U.S. presidential election.

The Kremlin did not immediately respond to a request for comment on Wednesday.

Cisco said the new malware, dubbed VPNFilter, could be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and shuttered factories.

"With a network like this you could do anything," Williams said.

Constitution day attack

The warning about the malware - which includes a module that targets industrial networks like ones that operate the electric grid - will be amplified by alerts from members of the Cyber Threat Alliance (CTA), a nonprofit group that promotes the fast exchange of data on new threats between rivals in the cyber security industry.

Members include Cisco; Check Point Software Technologies; Fortinet; Palo Alto Networks; Sophos and Symantec.

"We should be taking this pretty seriously," CTA CEO Michael Daniel said in an interview.

The devices infected with VPNFilter are scattered across at least 54 countries, but Cisco determined the hackers are targeting Ukraine following a surge in infections in that country on 6 May, Williams said.

Researchers decided to go public with what they know about the campaign because they feared the surge in Ukraine, which has the largest number of infections, meant Moscow is poised to launch an attack there next month, possibly around the time the country celebrates Constitution Day on 28 June, Williams said.

Some of the biggest cyber attacks on Ukraine have been launched on holidays or the days leading up to them.

They include the June 2017 "NotPetya" attack that disabled computer systems in Ukraine before spreading around the globe, as well as hacks on the nation's power grid in 2015 and 2016 that hit shortly before Christmas.

VPNFilter gives hackers remote access to infected machines, which they can use for spying, launching attacks on other computers or downloading additional types of malware, Williams said.

The researchers discovered one malware module that targets industrial computers, such as ones used in electric grids, other infrastructure and in factories. It infects and monitors network traffic, looking for login credentials that a hacker can use to seize control of industrial processes, Williams said.

The malware also includes an auto-destruct feature that hackers can use to delete the malware and other software on infected devices, making them inoperable, he said.

(Writing by Jim Finkle and Jack Stubbs; Editing by Mark Heinrich)

Article updated to clarify that Cisco devices have not been targeted.
