Russia accused of plotting massive VPNFilter malware attack
A report published by Cisco Talos Intelligence Group states that over half a million network devices worldwide have been exposed to the VPNFilter malware. The software can operate in an intelligence-gathering mode, stealing website credentials and monitoring network usage, and it also has a disconcerting destructive capability that can shut down infected devices. The statement from Talos provides information about the most likely affected devices:
The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices.
A warning on the website for the US Computer Emergency Readiness Team (US-CERT) advises those with devices that might be infected to make sure all necessary security patches are downloaded and installed. Because of the apparent focus on networking devices in Ukraine, it has been widely speculated that Russia is behind VPNFilter, possibly with the intent of causing major disruption before the Champions League final, which takes place in the Ukrainian capital of Kiev on Saturday.
This is not the first time Russia has been accused of planning such an attack. The Talos report mentions that the VPNFilter malware comes with a self-destruct ability which, if used, would leave the infected device inoperable:
Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.