FBI thwarts potential cyberattack on Ukraine
May 24, 2018Authorities in the United States said they broke up a potential digital attack called VPNFilter that affected half a million internet routers and could have caused widespread havoc in Ukraine.
The US Justice Department said this was the most recent attack programmed by the Sofacy Group, the Russian hackers — also known as Fancy Bear — are suspected of being behind
Most affected devices in Ukraine
- The largest number of infections was in Ukraine but affected routers in 54 countries, according to technology company Cisco Systems and antivirus company Symantec, which cooperated with the FBI during the operation.
- The FBI seized the domain toknowall.com and directed all traffic to it to a server configured by investigators, court documents said.
- Hackers could have rendered the routers unusable, which would have left hundreds of thousands of people without internet access.
Read more: New EU cyber strategy aims to cut crime and raise resilience
'A variety of malicious purposes'
The Justice Department said the malware "could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities."
While investigators said the hackers' motives remain unclear, Ukraine's SBU state security service said the potential cyberattack showed Russia was readying a large-scale disruption of a "large-scale event" in Ukraine, such as the Champions League soccer final, due to be held in Kyiv on Saturday, or upcoming Constitution Day celebrations in late June.
Moscow denied having a role in developing the hack. "Russia has not been planning a hacker attack using routers," Kremlin spokesman Dmitry Peskov said.
Read more: Why it's 'hard to protect yourself' online
What is Fancy Bear? Known by several names, including PT28, Pawn Storm, Sandworm, Sednit and the Sofacy Group, the hackers are blamed for engineering attacks on the Organization for Security and Cooperation in Europe, the World Anti-Doping Agency, the US Democratic Party as well as several internet disruptions in Ukraine. US intelligence and other computer security groups have linked the group to Russia's GRU military intelligence agency.
What could the cyberattack have done? Hackers would have been able to take over home and office internet routers to create a botnet to intercept and reroute internet traffic without users knowing they were affected.
Why conduct a cyberattack against Ukraine? Kyiv and Moscow-backed rebels have been engaged in a years-long conflict in eastern Ukraine that has repeatedly featured cyberoffensives. The NotPetya worm last year crippled critical systems, including hospitals, across the country and caused hundreds of millions of dollars in collateral damage around the globe.
How did the FBI stop the attack? Authorities took control of an internet domain the attackers were using to direct infected devices to prevent hackers from issuing commands to the routers, reported to be produced by Linksys, MikroTik, Netgear Inc, TP-Link and QNAP network storage devices.
Should I worry about my router? The FBI and cybersecurity firms released details of the potential hack before having a solid solution to fix it. Device manufacturers have recommended users ensure their devices are patched with the latest firmware versions.
sms/kms (AP, AFP, Reuters)