SBU, FBI wrestle with cybercriminals closing in on Kyiv’s Champions League match

Days before the final match of Europe’s prestigious soccer tournament, the Champions League, Ukraine’s security service and the FBI are still fighting cybercriminals alleged to have organized a massive cyberattack to hit Ukraine as the game kicks off on May 26.

The FBI said on May 23 that it had broken up a potential digital attack that would have caused widespread havoc in the country, after the malware behind it infected hundreds of thousands of devices in 54 countries.

But later in the day, Ukraine’s SBU warned that local government and private enterprises are not safe from the cyberattack quite yet – hackers still plan to launch a massive strike on the country.

Authorities say that the hundreds of thousands of devices remain infected by the malware, while both the Ukrainian and U.S. governments seek to avert harm.

The hackers use malware called VPNFilter. It attacks internet routers, taking control of them and of all the information passed through them, including the data people enter in browsers: bank details and passwords. Routers from MikroTik, TP-Link, and QNAP are some of the most vulnerable.

According to Assistant Attorney General for U.S. National Security John Demers, the malware “could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

VPNFilter has been infecting global internet users since 2016.

According to Ukrainian and American law enforcement, the group behind the attack is called the Sofacy Group, also known as Russia’s Fancy Bear.

Moscow denies any involvement, with Kremlin spokesman Dmitry Peskov saying, “Russia has not been planning a hacker attack using routers.”

According to Cisco, the preparations made for the attack resemble the ones made in late 2015, when power company Prykarpattyaoblenergo suffered a major attack that led to blackouts across western Ukraine.

In that attack, about 230,000 Ukrainians were plunged into darkness for six hours after hackers inserted malware into control systems of part of the oblast grid. Ukraine has blamed Russia for the attacks, and the malware used, BlackEnergy, has its origins in Russia, according to experts. However, there is no definitive link between that cyberattack and the Russian government, according to U.S. officials.

Cisco, as well as router producers Netgear and Linksys, advise everybody to patch their routers with the latest version of the firmware.

The Kyiv Post’s technology coverage is sponsored by Ciklum and NIX Solutions. The content is independent of the donors.