Ukraine awaits a VPNFilter attack; is it still in Russia?
Cisco has announced that more than 500,000 routers and other network devices infected with VPNFilter are ready to launch a massive cybercriminal operation, which will likely target Ukrainian Internet infrastructure. The Ukrainian cyber security authority has also confirmed this and says there is evidence of Russia’s involvement in the attack.
The Champions League final, held Saturday night in Kiev (the capital of Ukraine), has been described as one of the targets of the attack, which could cause a huge disruption to the broadcast of this popular event. Cisco researchers have long been monitoring the malware and have informed US and Ukrainian officials. The US says the code is similar to code previously used by Russia.
The FBI has now seized and neutralized the domain associated with this Russian botnet. The US Department of Justice says that the network of devices infected with ransomware belongs to the Russian Fancy Bear, or Sofacy, group, which had previously infiltrated the Democratic National Committee of the United States. VPNFilter exploits vulnerabilities in home and office routers built by companies such as Linksys, MikroTik, Netgear, TP-Link, and QNAP.
According to information collected by the FBI, every time a router is reset, VPNFilter must reconnect to its infrastructure network, which is why, with the ToKnowAll [dot] com domain under control, the risk posed by this botnet will be greatly reduced. It is also possible to view the IP addresses of the machines infected with the malware. In this way, in cooperation with ISPs, it is possible to remotely reset the connection of infected devices or inform users about the issue.
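The following sketch is an added example, not code from the FBI, Cisco or the original article. It shows how connections reaching the seized domain could be turned into per-ISP notification lists. The log format, the ISP names and the prefix table are assumptions constructed for illustration, using documentation address ranges.

```python
import ipaddress
from collections import defaultdict

SINKHOLE_DOMAIN = "toknowall.com"  # the seized domain named in the article

# Constructed prefix table: hypothetical ISP names, documentation address ranges.
ISP_PREFIXES = {
    "isp-a.example": ipaddress.ip_network("192.0.2.0/24"),
    "isp-b.example": ipaddress.ip_network("198.51.100.0/24"),
}

# Constructed sinkhole log, assumed format: "<ISO timestamp> <source IP> <requested host>"
SAMPLE_LOG = """\
2018-05-24T10:00:01Z 192.0.2.10 toknowall.com
2018-05-24T10:00:05Z 198.51.100.7 toknowall.com
2018-05-24T10:03:12Z 192.0.2.10 toknowall.com
2018-05-24T10:04:40Z 203.0.113.99 toknowall.com
2018-05-24T10:05:00Z 192.0.2.44 other.example
not a log line
"""

def parse_hits(log_text):
    """Yield (timestamp, ip) for well-formed lines that requested the seized domain."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, src, host = parts
        if host.lower().rstrip(".") != SINKHOLE_DOMAIN:
            continue  # unrelated traffic
        try:
            yield ts, ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address

def notification_lists(log_text):
    """Return {isp: {ip: (hit_count, last_seen)}}; unmatched sources go under 'unknown'."""
    report = defaultdict(dict)
    for ts, ip in parse_hits(log_text):
        isp = next((n for n, net in ISP_PREFIXES.items() if ip in net), "unknown")
        hits, last = report[isp].get(str(ip), (0, ""))
        # Repeated hits from one address reflect the reconnect after each reset.
        report[isp][str(ip)] = (hits + 1, max(last, ts))
    return dict(report)

if __name__ == "__main__":
    for isp, hosts in notification_lists(SAMPLE_LOG).items():
        print(isp, hosts)
```
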