Cisco has spotted a massive malware attack that has infected over 500,000 routers and other devices in at least 54 countries.
The new malware, called VPNFilter, is mostly focused on Ukrainian devices but has also been observed in other countries. Devices affected by VPNFilter include Linksys, MikroTik, Netgear and TP-Link routers as well as QNAP network-attached storage (NAS) devices.
According to known details, the malware is incredibly complex: it includes boot persistence, scanning for SCADA components, and a firmware destruction function. It can be used to launch a massive attack and also allows hackers to steal website credentials and data.
According to Cisco, the threat is directly related to APT28, which is also known as Fancy Bear and was considered one of the two big Russian groups responsible for hacking during the 2016 U.S. presidential campaign.
Cisco also notes that the code overlaps with the BlackEnergy malware, which was used to cripple Ukraine’s power grid in 2015 and 2016.
There is a general idea that a big attack might be coming on Saturday, May 26th, when the UEFA Champions League soccer final takes place in Kiev, or that we could see an attack on June 27th, Ukraine’s Constitution Day.
Talos Intelligence and Cisco have notified international law enforcement and members of the Cyber Threat Alliance, which could help to counter this threat.
You can check out more details as well as the full list of devices over at the Talos Intelligence blog.