The Security Service of Ukraine (SBU) has warned about a threat of a large-scale cyber attack from Russia from the UEFA Champions League in Kyiv on 26 May.
According to the SBU website, network devices in Ukraine may be infected with a malware conventionally named VPNFilter. The virus can intercept traffic going through an infected device, collect and upload information, remotely control the infected device and put it out of order.
Certain routers and other network devices of such brands as Linksys, Mikrotik, Netgear, QNAP and TP-Link can be at risk.
According to Cisco Talos, 500,000 devices all over the world are infected with this virus, but infection dynamics is especially high in Ukraine.
It poses particular threat to supervisory control and data acquisition (SCADA) systems. Therefore the SBU suggested that Russia could be plotting acts of cyber sabotage at Ukraine's critical infrastructure facilities.
Considering the risks, the SBU and the National Police have already notified potential victims.
The SBU recommends other users to reset their routers and network file storages to remove potentially malicious malware modules from devices' random access memory.
If there are reasons to consider a device in a local network infected, update its system to the latest available version. If you have access to the file system on online devices, delete the contents of the following directories /var/run/vpnfilterw, var/run/tor, var/run/torrc, var/run/tord.