FBI seeks to thwart cyber-attack on Ukraine

Image caption (Reuters): The Champions League final between Liverpool and Real Madrid takes place in Kiev on Saturday

Preparations for a cyber-attack on Ukraine have been thwarted by the FBI.

It seized a website that was helping communicate with home routers infected with malware that would carry out the digital bombardment.

More than 500,000 routers in 54 countries had been infected by the "dangerous" malware and the FBI is now trying to clean up infected machines.

The Kremlin has denied an allegation by Ukraine that Russia was planning a cyber-attack on the country.

A key step in thwarting the attack came on 23 May when a US court ordered website registrar Verisign to hand over control of the ToKnowAll.com domain to the FBI.

Infected machines regularly contacted that domain to update the malware with which they were infected.

By taking control of the domain, the FBI will be able to log the location of infected machines and co-ordinate efforts to clean them up.

A state-sponsored group known as Sofacy/Fancy Bear has been identified as both developing the malware and preparing the attack.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes," said John Demers, assistant attorney general for National Security, in a statement.

Details of the preparation were shared by Cisco's Talos security team, which said it had been monitoring the "advanced, state-sponsored" attack for months.

In a blog it said the malware, which it dubbed VPNFilter, used several sophisticated methods to compromise routers.

Image caption (Reuters): Ukraine's energy grid has been attacked twice by hackers

In particular, it said, the malicious software had been coded to survive even when infected devices were turned off and on.

In the past, infected devices have only needed a reboot to remove the malicious code.

Cisco added that the malware included a "kill" command that would render devices unusable if it were used.

In all, 14 models of home routers made by Linksys, Mikrotik, Netgear and Qnap were targeted by the malware.

Cisco said it had seen widespread scans seeking out routers with known vulnerabilities that the malware could exploit.

Cleaning out the infection involves returning devices to their initial factory settings.

Users are also being urged to update the firmware on their router to remove vulnerabilities exploited by the malware.

Cisco said it went public with the information it had gathered because earlier this month it saw a sudden spike in scanning and a particular focus on home routers in Ukraine.

The VPNFilter code shares some similarities with the Black Energy malware used in attacks on Ukraine's power grid.

The target of the expected attack is not clear but Reuters suggested the network of infected machines could be used to cause disruption on Saturday when the Champions League final is played in Kiev.
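The seizure described above works because infected routers keep contacting the update domain, and the same property lets a network owner look for affected devices in their own DNS logs before factory-resetting and updating them. The script below is an added example, not code from the FBI, Cisco Talos or the article: it parses a constructed, simplified resolver log format (timestamp, client IP, query name, query type), flags queries for the ToKnowAll.com domain named in the article or any of its subdomains, and counts them per client. The log format and the client addresses are assumptions; the only indicator used is the domain the article names, since no other indicators appear on the page.

```python
"""Flag DNS queries to the VPNFilter update domain named in the article.

Added example, not code from the FBI, Cisco Talos or the article.
The log format is a constructed, simplified one-query-per-line export:
    <timestamp> <client_ip> <query_name> <query_type>
Adapt parse_line() to the real export format of your resolver.
"""
import re
from collections import Counter

# The only domain the article names; other VPNFilter indicators are not on
# the page, so none are assumed here. Extend the set from a trusted source.
WATCHLIST = {"toknowall.com"}

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$"
)


def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing dot resolver logs often add."""
    return qname.rstrip(".").lower()


def matches_watchlist(qname: str, watchlist=WATCHLIST) -> bool:
    """True if qname is a watchlisted domain or a subdomain of one.

    The dot-prefixed suffix check means 'nottoknowall.com' does not match,
    while 'update.toknowall.com' does.
    """
    name = normalize(qname)
    return any(name == d or name.endswith("." + d) for d in watchlist)


def parse_line(line: str):
    """Return a dict of fields for a well-formed line, or None for junk."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def find_suspect_clients(lines, watchlist=WATCHLIST) -> Counter:
    """Map each client IP to its number of queries for watchlisted domains."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and matches_watchlist(rec["qname"], watchlist):
            hits[rec["client"]] += 1
    return hits


# Constructed sample log: documentation addresses (RFC 5737), made-up times.
SAMPLE_LOG = [
    "2018-05-23T10:14:02Z 192.0.2.10 www.example.com. A",
    "2018-05-23T10:14:05Z 192.0.2.10 ToKnowAll.com. A",
    "2018-05-23T10:15:11Z 192.0.2.23 update.toknowall.com A",
    "2018-05-23T10:16:40Z 192.0.2.23 toknowall.com. AAAA",
    "2018-05-23T10:17:03Z 192.0.2.44 nottoknowall.com. A",  # near miss
    "this line is not a query record",  # junk that must be skipped
]

if __name__ == "__main__":
    for client, n in find_suspect_clients(SAMPLE_LOG).most_common():
        print(f"{client}: {n} query/queries for a watchlisted domain; "
              "identify the router, factory-reset it and update its firmware")
```

The suffix check is deliberate: a plain substring match would also flag unrelated names that merely contain the domain, which produces false positives when the list is extended.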