The FBI has put a spoke in the wheel of a major Russian digital disruption operation potentially aimed at causing havoc in Ukraine, evidence pieced together from researchers, Ukrainian officials and US court documents indicates.
Yesterday, network technology company Cisco Systems and antivirus company Symantec warnedthat a half-million internet-connected routers had been compromised in a possible effort to lay the groundwork for a cyber-sabotage operation against targets in Ukraine.
Court documents simultaneously unsealed in Pittsburgh the same day show the FBI has seized a key website communicating with the massive army of hijacked devices, disrupting what could have been and might still be an ambitious cyberattack by the Russian government-aligned hacking group widely known as Fancy Bear.
"I hope it catches the actors off guard and leads to the downfall of their network," said Craig Williams, the director of outreach for Talos, the digital threat intelligence unit of Cisco that cooperated with the bureau. But he warned that the hackers could still regain control of the infected routers if they possessed their addresses and the right resources to re-establish command and control.
FBI Assistant Director Scott Smith said the agency "has taken a critical step in minimizing the impact of the malware attack. While this is an important first step, the FBI's work is not done." Much about the hackers' motives remains open to conjecture.
Cisco said the malicious software, which it and Symantec both dubbed VPNFilter after a folder it creates, was sitting on more than 500,000 routers in 54 countries but mostly in Ukraine, and had the capacity to render them unusable a massively disruptive move if carried out at such a scale.
"It could be a significant threat to users around the world," said Williams. The US Justice Department said the malware "could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities."
Disclaimer: No Business Standard Journalist was involved in creation of this content