Russian Federation hacks 500,000 routers in attempt to attack Ukraine

Image: The Champions League final is to be held in Kiev on Saturday

The code of this malware overlaps with versions of the BlackEnergy malware, which was responsible for multiple large-scale attacks that targeted devices in Ukraine.

Cisco has discovered about 500,000 infected devices, but believes the actual number may be much higher.

According to the researchers, Russian hackers have used a sophisticated malware called "VPNFilter" to infect over 500,000 routers and network devices in at least 54 countries.

The researchers warned that VPNFilter is infecting Ukrainian hosts "at an alarming rate", using a command and control (C2) infrastructure dedicated to that country.

Image: The Kremlin and St Basil's Cathedral in Moscow. The Kremlin has been accused of multiple acts of cyber aggression in recent years

Researchers still do not know how these devices are getting infected. Stage 3 implants are known to exist as plugins that extend the function of the stage 2 malware.

The botnet has been slowly growing since at least 2016, the researchers say, and now consists of at least 500,000 infected devices in some 54 countries around the world.

What makes VPNFilter so advanced, among other reasons, is the fact that it can maintain persistence even after a device is restarted.

Ukraine's SBU security service said earlier on May 23 that its experts believe the Russian Federation was planning an attack during the final game in the soccer tournament.

Martin Lee, technical lead for security research at Cisco Talos, also expressed his concerns, stating: "What is also worrying is that this malware has a module which targets MODBUS, a protocol used to operate industrial control systems which may be found in power stations or railway track point controls". They also are urging internet service providers to work with customers on making sure their routers are up to date with security patches.

Researchers also commented on the complexity of the threat posed, stating: "Defending against this threat is extremely hard due to the nature of the affected devices".

Shortly afterwards, the United States Justice Department announced that it had seized a domain used in the botnet campaign.

The Cyber Threat Alliance, which Cisco is a member of, has briefed companies about the destructive malware, calling VPNFilter a "serious threat".

The US Justice Department said Wednesday (May 23) that it had seized an internet domain that directed a dangerous botnet of a half-million infected home and office network routers, controlled by hackers believed tied to Russian intelligence. The seizure of ToKnowAll.com is a major coup because it closes a secondary channel and may also provide previously unavailable information the Federal Bureau of Investigation can use to begin the process of helping ISPs and end users disinfect the devices.

But despite not having boot persistence, the Stage Two module is also the most dangerous, as it contains a self-destruct function that overwrites a critical portion of the device's firmware and reboots the device.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities".

Cisco added that the malware included a "kill" command that would render devices unusable if it were used.

It is unknown what exactly the hackers are going to do, Cisco says.
