More than half a million routers and network devices in 54 countries have been infected with sophisticated malware, researchers at the Cisco Talos Intelligence Group warn.
The malware, which security researchers call VPNFilter, includes a router kill switch, can steal logins and passwords, and can monitor industrial control systems.
An attack would have the potential to block Internet access for all devices, said William Largent, a Talos researcher, in a blog post on Wednesday.
Attacks on routers are a sensitive point not only because they can stop Internet access, but also because hackers can use the malware to monitor web activity, including the use of passwords. In April, US and British officials warned that Russian hackers were targeting millions of routers around the world and planned to launch massive attacks on the devices. In this announcement, the FBI called routers a "tremendous weapon in the hands of an adversary."
"Anything is possible, this attack basically builds a hidden network that allows an actor to attack the world from a position that makes attribution rather difficult," said Craig Williams, Talos director, in an email.
Talos said VPNFilter could be used in a future attack on Ukraine. The researchers said that the new malware shares much of the same code used in popular Russian cyberattacks, calling the attack "probably state-sponsored."
VPNFilter has infected routers in Ukraine in particular at an "alarming rate." Infections in Eastern European country on 8 and 1
Netgear said it is aware of VPNFilter and advises its users to upgrade their routers.
"Netgear is investigating this update and will update it as more information becomes available," a spokesperson said via email. Three network companies failed to respond to a request for comment.
The researchers released their findings out of concern for a possible attack on Ukraine. The country has repeatedly been the victim of Russian cyberattacks, including the NotPetya ransomware, which US and British authorities have called "the most destructive cyber attack ever."
Researchers have also attributed a 2016 blackout in Ukraine to Russian hackers who used malware to target industrial control systems.
The Cyber Threat Alliance, of which Cisco is a member, has informed companies about the destructive malware and called VPNFilter a "serious threat".
"It has destructive capabilities, and the flexible command structure of the malware gives the enemy the ability to 'brick' these devices, which is not a capability normally built into such malware," said Michael Daniel, president of the Cyber Threat Alliance.
Talos recommends users reset their routers to factory defaults to remove the potentially destructive malware and update their devices as soon as possible.
First published, May 23 at 6:52 pm PT.
Update, 7:12 pm PT: Adds a comment by Talos' director.
Update, 7:39 pm PT: Adds Netgear response and commentary from the Cyber Threat Alliance.