Russia Denies Planning a Router Botnet Cyberattack on Ukraine

Moscow Russia

The Kremlin has denied planning a major cyberattack on Ukraine during this weekend’s Champions League final, a major soccer sporting event watched by hundreds of millions of people around the world.

For context, Ukraine’s SBU security service warned of an imminent malware threat of hundreds of thousands of routers preparing for an assault on Ukraine, squarely pointing the finger at Russian operatives. Specifically, the attackers were said to be Saturday’s European Cup final in Kiev, Ukraine.

The malware feared to be included in the attack bears resemblance to the code used in previous cyberattacks linked back to Russia by the US government. The operatives installed malicious plugins every time a router connected to a particular domain, which has since been seized by the FBI. While the plugins vanish everytime an infected device is rebooted, the source malware code is left behind. The malware was hosted on a Photobucket page containing pictures, which has also been removed.

Over 500,000 routers have been infected across 54 countries in all with the FBI now undertaking an effort to sweep and get rid of the malware, dubbed VPNFilter.

After taking control of the domain, the FBI now has the means to log the location of infected machines in order to co-ordinate efforts to clean them up.

“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes,” said John Demers, assistant attorney general for National Security, in a statement.

In response to the accusations, Kremlin spokesman Dmitry Peskov told reporters in a conference call on Thursday:

Russia has not been planning a hacker attack using routers.

Image credit: Pexels.