infotechlead

Cisco unit unearths cyber-attack on Ukraine by Russia

Cisco Systems has warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with malicious software, Reuters reported.

Cisco’s Talos cyber intelligence unit said it has confidence that the Russian government is behind the campaign, dubbed VPNFilter, possibly in preparation for another massive cyber attack on Ukraine.

Cisco said the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow.

The malware may be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and shuttered factories.

The Russian government has denied assertions by Ukraine, the United States, other nations and western cyber-security firms that the Kremlin is behind a global hacking program. Media reports earlier said Russia made attempts to harm Ukraine’s economy and to interfere in the 2016 U.S. presidential election.

The warning about the malware – which includes a module that targets industrial networks like ones that operate the electric grid – will be amplified by alerts from members of the Cyber Threat Alliance (CTA), a non-profit group that promotes the fast exchange of data on new threats between rivals in the cyber security industry.

Members include Cisco, Check Point Software Technologies, Fortinet, Palo Alto Networks, Sophos Group and Symantec.

“We should be taking this pretty seriously,” CTA Chief Executive Officer Michael Daniel said in an interview.

Cisco shared technical details on VPNFilter with the group during a video briefing describing what it has learned over the past few months analyzing the campaign.

While VPNFilter infects routers and internet-connected storage devices used in home offices and small offices, the compromised devices can be used to launch attacks on larger targets. The report said infected devices are scattered across at least 54 countries.

Cisco determined the hackers are targeting Ukraine following a surge in infections in that country on May 8. VPNFilter gives hackers remote access to infected machines, which they can use for spying, launching attacks on other computers or downloading additional types of malware.
