Russian Federation accused of plotting massive VPNFilter malware attack

Galtero Lara
May 27, 2018

The most likely timing for a cyber-attack is Saturday, May 26, the date of the UEFA Champions League soccer final, set to take place this year in Ukraine's capital, Kiev.

"Based on the actor's demonstrated knowledge of these devices, and the existing capability in some stage 2 versions, we assess with high confidence that the actor could deploy this self-destruct command to most devices that it controls, regardless of whether the command is built into the stage 2 malware", the report continues.

Russian hackers similarly launched a major cyberattack on Ukraine's Constitution Day last year, ravaging computers as part of an effort to disrupt the country's financial system.

The malware's principal capabilities, the company said, included stealthy intelligence-collecting, monitoring industrial-control software and, if triggered, "bricking" or disabling routers.

The malware can stop internet access for all devices connected to the affected router.

It has infected an estimated 500,000 routers and network-attached storage devices in at least 54 countries worldwide. "The others might even send out letters to the home users urging them to restart their devices".

Dubbed "VPNFilter", the sophisticated modular malware framework allows an attacker to scan the internet for vulnerable systems and quickly infect devices that are both extremely popular and hard to patch.

Researchers said the malware has destructive capabilities that allow an attacker to either infect a device or render it unusable.


The US Department of Homeland Security said it was investigating the malware, which targets devices from Linksys, MikroTik, Netgear, TP-Link and QNAP, advising users to install security updates.

By Wednesday, as details of VPNFilter were made public, the Federal Bureau of Investigation gained control of the address, allowing it to create a sinkhole and redirect traffic from infected devices to a server under the FBI's control, rendering the connection useless to the attackers.

Ukraine issued an alert yesterday alleging that the Russian Federation was planning to use the infected routers to attack local internet users during this Saturday's Champions League final in Kiev.

The domain seized Wednesday hosted a backup server for uploading a second stage of malware to already-infected routers in the event a primary method, which relied on Photobucket, failed.

Some 500,000 computers have been discovered to be infected with a new malware, dubbed VPNFilter, and those computers are believed to be a sort of a botnet meant to enact a huge cyberattack very soon, probably against Ukraine, Cisco analyst Craig Williams told Reuters Wednesday. Changing any default credentials is also a good idea, and so is turning off remote management of the device.

The U.S. Justice Department said the malware "could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities".

Since there is no easy way to determine whether a device has been compromised by the VPNFilter malware, Cisco researchers advise all owners of the targeted SOHO and NAS devices to go through those steps. Cisco said the malware could sever hundreds of thousands of internet connections at once.
