Concerns Arise Over Potential Cyber Attack Targeting Ukraine
According to BleepingComputer, some major fears are arising regarding a potential cyber attack that is targeting Ukraine. So far, over 500,000 routers, in 54 different countries, have been infected with a malicious virus deemed VPNFilter. The infected devices include:
- Linksys, Models: E1200, E2500, and WRVS4400N
- Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear, Models: DGN2200, WNR1000, WNR2000, R6400, R7000, and R8000
- QNAP, Models: TS251 and TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
The infections originated in 2016; however, fears are rising due to the major uptake in scanning activity and increased Ukrainian infections over the past few weeks.
But what does this mean? If successful, the attack could cripple routers and render a large part of Ukraine’s internet infrastructure unusable. Think about that for a minute. That would mean businesses, government agencies, and power plants — just to name a few — would have no internet access. Therefore, significantly impacting their daily functionality.
It is believed the malware variant has Russian ties due to VPNFilter’s code overlap with BlackEnergy, the malware variant that took down Ukraine’s power grid in late 2015 and early 2016. After investigation, it was determined BlackEnergy originated in Russia.
Cyber experts have two theories regarding the date of potential attack. Some believe it will be executed during the UEFA Champions League soccer final, which is scheduled to take place in Keiv, Ukraine’s capital on May 26th. Another theory is the attack will occur on Ukraine’s Constitution Day, June 27th; which also happens to be the date of last year’s NotPetya cyber-attack.