VPNFilter
  • Ukraine’s secret service reports that it stopped a potentially disastrous malware attack on a chlorine distillation plant.
  • The attack involved VPNFilter, which attacks in three separate stages and can’t be stopped by a reboot.
  • VPNFilter was designed by a Russian military group called APT28, which means that Ukraine blames Russia for the attack.

Ukraine’s Secret Service (SBU) is in an uproar after a VPNFilter malware attack on a chlorine distillation plant. The attack could have had a far-reaching impact: it’s the only plant of its kind in the country, and its product is used nationwide for water treatment. If it had to shut down, it would have been disastrous.

VPNFilter is already famous after it infiltrated 500,000 routers over the past two years. The malware was stopped before it was used on a larger scale. The FBI was even called in to assist. Although VPNFilter was stopped in its original form, hackers developed a new version soon after. The modular malware’s various features can be used for espionage. It was designed by the group known as APT28, also called Fancy Bear. This is not a single person but a group. Its members are believed to be nation-state actors and may even be part of the Russian military.

At the moment, Ukraine points the finger at Russia for the attack, and the country has good reason to believe this is the case. Russia has used cyber attacks against it in the past as well, such as ransomware outbreaks and an attack on Ukraine’s power grid two years ago. The motivation behind the attacks is the silent war between the two countries, which was sparked in 2014 when Russia annexed Crimea.

However, there’s no proof yet that this was a focused attack on Ukraine. The VPNFilter malware can spread randomly since it works by looking for vulnerable systems. It does this by continuously scanning random IP addresses.

Whether this was a direct attack or not, Ukraine isn’t the only country on alert for Russian attacks. The National Cyber Security Centre believes the UK could also be a target.
