US investigators and cybersecurity experts have disrupted a potential cyberattack focused on Ukraine before it could happen, according to court documents. But users are still not safe from VPNFiter's effects quite yet.
Authorities in the United States said they broke up a potential digital attack called VPNFilter that affected half a million internet routers and could have caused widespread havoc in Ukraine.
The US Justice Department said this was the most recent attack programmed by the Sofacy Group, the Russian hackers — also known as Fancy Bear — are suspected of being behind cyberattacks on several governments, international agencies and infrastructure providers.
Most affected devices in Ukraine
'A variety of malicious purposes'
The Justice Department said the malware "could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities."
While investigators said the hackers' motives remain unclear, Ukraine's SBU state security service said the potential cyberattack showed Russia was readying a large-scale disruption of a "large-scale event" in Ukraine, such as the Champions League soccer final, due to be held in Kyiv on Saturday, or upcoming Constitution Day celebrations in late June.
Moscow denied having a role in developing the hack. "Russia has not been planning a hacker attack using routers," Kremlin spokesman Dmitry Peskov said.
What is Fancy Bear? Known by several names, including PT28, Pawn Storm, Sandworm, Sednit and the Sofacy Group, the hackers are blamed for engineering attacks on the Organization for Security and Cooperation in Europe, the World Anti-Doping Agency, the US Democratic Party as well as several internet disruptions in Ukraine. US intelligence and other computer security groups have linked the group to Russia's GRU military intelligence agency.
What could the cyberattack have done? Hackers would have been able to take over home and office internet routers to create a botnet to intercept and reroute internet traffic without users knowing they were affected.
Why conduct a cyberattack against Ukraine? Kyiv and Moscow-backed rebels have been engaged in a years-long conflict in eastern Ukraine that has repeatedly featured cyberoffensives. The NotPetya worm last year crippled critical systems, including hospitals, across the country and caused hundreds of millions of dollars in collateral damage around the globe.
How did the FBI stop the attack? Authorities took control of an internet domain the attackers were using to direct infected devices to prevent hackers from issuing commands to the routers, reported to be produced by Linksys, MikroTik, Netgear Inc, TP-Link and QNAP network storage devices.
Should I worry about my router? The FBI and cybersecurity firms released details of the potential hack before having a solid solution to fix it. Device manufacturers have recommended users ensure their devices are patched with the latest firmware versions.
sms/kms (AP, AFP, Reuters)