US to seek control of infected routers to curb alleged Russian cyberattack on Ukraine

Reuters
The report calls for strong bilateral agreements on cybercrime investigations, information sharing, intelligence among others.

The US government said late on 23 May that it would seek to wrestle hundreds of thousands of infected routers and storage devices from the control of hackers who security researchers warned were planning to use the "botnet" to attack Ukraine.

A federal judge in Pennsylvania gave the FBI permission to seize an internet domain that authorities charge a Russian hacking group known as Sofacy was using to control infected devices.

The order allows them to direct the devices to communicate with an FBI-controlled server, which will be used to query location to pass on to authorities around the globe who can remove malware from infected equipment.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities," Assistant Attorney General for National Security John Demers said in a statement.

The US government announced the takedown effort after Cisco Systems Inc early on 23 May released a report on the hacking campaign that it said targeted devices from Linksys, MikroTik, Netgear Inc, TP-Link and QNAP.

Cisco said the largest number of infections from the VPNFilter malware were in Ukraine, which led it to believe Russia was planning an attack on that country.

Cisco shared technical details with the United States and Ukraine governments as well as rivals who sell security software, hardware and services.

Ukraine's SBU state security service responded to the report by saying it showed Russia was readying a large-scale cyberattack ahead of the >Champions League soccer final, due to be held in Kiev on Saturday.

Cybersecurity firms, governments and corporate security teams closely monitor events in Ukraine, where some of the world's most costly and destructive cyberattacks have been launched.

The Kremlin did not respond to a request for comment.

Russia has denied assertions by nations including Ukraine and Western cyber-security firms that it is behind a massive global hacking programme that has included attempts to harm Ukraine's economy and interfering in the 2016 US presidential election.

Netgear and Linksys advised customers to make sure their routers are patched with the latest version of its firmware.

MikroTik, TP-Link and QNAP could not be reached.

Also See: Champions League: Liverpool, Real Madrid fans livid as Kiev hotels start charging 100 times standard rates for final

Arsenal's Arsene Wenger predicts introduction of European super league to challenge Premier League's success

Serie A: Massimilliano Allegri's patience, belief guide aging Juventus to 7th consecutive Scudetto

Read more on News & Analysis by Firstpost.