Cisco Systems Inc warned this Wednesday that Ukraine is in for a cyber attack in the near future as hackers have infected at least 500,000 routers and storage devices in dozens of countries. Cisco’s cyber intelligence unit is confident that the Russian government is behind the campaign. Ukraine’s SBU state security service said that Russia has likely planned an attack against Ukraine ahead of the Champions League soccer final which is to be held in Kiev. However, Russia has previously denied any sort of accusations made against them by the USA or other countries. One of the accusations is the famous rigging of 2016 US presidential elections.
Cisco said that the new malware could be used to interfere with any internet communication and this may lead to destructive attacks on Ukraine. An official at the Cisco mentioned, “Security Service experts believe the infection of hardware on the territory of Ukraine is preparation for another act of cyber-aggression by the Russian Federation aimed at destabilizing the situation during the Champions League final.”
A non-profit group called Cyber Threat Alliance will warn everyone about the malware attack. But the notification or warning will be sent to the members of the group. The members include Cisco, Check Point Software Technologies, Fortinet Inc, Palo Alto Netwroks Inc, Sophos Group Plc and Symantec Corp. Everyone should take this seriously since the devices infected with the VPNFilter have already scattered across at least 54 countries but Cisco, in particular, is determined that they are specifically targeting Ukraine following a surge in infections in that country on May 8.
Possibly the attack is timed to take place around the time when the country celebrates Constitution Day which is on June 28th. This claim cannot wholly be done away with since the previous attacks have taken place on holidays or the days leading up to them like in 2017 the “NotPetya” attack hit the country shortly before Christmas.
Cisco researcher Craig Williams has said, “VPNFilter gives hackers remote access to infected machines, which they can use for spying, launching attacks on other computers or downloading additional types of malware. The researchers discovered one malware module that targets industrial computers, such as ones used in electric grids, other infrastructure and in factories. It infects and monitors network traffic, looking for login credentials that a hacker can use to seize control of industrial processes. The malware also includes an auto-destruct feature that hackers can use to delete the malware and other software on infected devices, making them inoperable.”