Cisco warns of Russian cyber attack on Ukraine and other countries
23 May 2018
Cisco Systems warned on May 23 that hackers have infected at least 500,000 routers and storage devices in dozens of countries with sophisticated malicious software, which Ukraine said was preparation for a future Russian cyber attack. In an interview with Reuters, Cisco cyber unit Talos Outreach director Craig Williams attributed the hacking campaign to Russia.
Cisco has high confidence that the Russian government is behind the campaign because the hacking software shares code with malware used in previous cyber attacks that the US government has attributed to Moscow.
Ukraine’s SBU state security service said the activity showed Russia was readying a large-scale cyber attack against Ukraine, possibly around the time of the Champions League soccer final, held in Kiev on May 26.
“Security Service experts believe the infection of hardware on the territory of Ukraine is preparation for another act of cyber-aggression by the Russian Federation aimed at destabilising the situation during the Champions League final,” it said in a statement after Cisco’s findings were released.
Russia has previously denied assertions by Ukraine, the United States, other nations and Western cyber-security firms that it is behind a massive global hacking program, which has included attempts to harm Ukraine’s economy and interfering in the 2016 U.S. presidential election.
Cisco said the new malware, dubbed VPNFilter, could be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and closed down factories.
The warning about the malware - which includes a module that targets industrial networks like ones that operate the electric grid - will be amplified by alerts from members of the Cyber Threat Alliance (CTA), a nonprofit group that promotes the fast exchange of data on new threats between rivals in the cyber security industry.
The devices infected with VPNFilter are scattered across at least 54 countries, but Cisco determined the hackers are targeting Ukraine following a surge in infections in that country on May 8, Williams told Reuters.