The Russian government is preparing a major cyberattack aimed at causing chaos in Ukraine, possibly during the Champions League final on Saturday, security officials in Kiev warned on Wednesday.
Ukraine's cyberpolice said in a statement that it was possible the hackers planned to strike during "large-scale events," an apparent reference either to the upcoming Champions League game between Real Madrid and Liverpool in the capital, Kiev, or to Ukraine's upcoming Constitution Day celebrations.
"At the moment, we are doing everything within our competence to protect citizens and the state sector from possible cyber threats," Ukraine cyber police chief Sergey Demedyuk said. "I do not rule out that this time the intruders had the purpose to destabilize the situation in the country with the help of a virus attack precisely during the period of large-scale events in Ukraine."
The warning came the same day that network technology company Cisco Systems and antivirus company Symantec disclosed that a half-million internet-connected routers had been compromised in a possible effort to lay the groundwork for a cyber-sabotage operation against targets in Ukraine.
"Both the scale and the capability of this operation are concerning," said a statement from Talos Intelligence, the security arm of Cisco. "Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries."
Talos said it was releasing the information before its investigations are complete because of the urgency in preventing the cyberattack.
A representative from Cisco told Sky News that the United Kingdom is among the countries affected by the malware, but the primary targeted for the hacking campaign appears to be Ukraine. The malware, which has been called VPNFilter by Cisco, could be used for espionage as well as to destroy the devices that it has infected.
The FBI recently seized a key website that communicated with the massive army of hijacked devices, according to court documents obtained by the Associated Press. Officials hope the seizure disrupted an ambitious cyberattack by the Russian government-aligned hacking group widely known as Fancy Bear.
"I hope it catches the actors off guard and leads to the downfall of their network," Craig Williams, the director of outreach for Talos, told the AP. Williams warned the hackers could still regain control of the infected routers if they possessed their addresses and the right resources to re-establish command and control.
"It could be a significant threat to users around the world," he said.
Ukraine has been locked in a years-long struggle with Russia-backed separatists in the country's eastern border and has repeatedly been hit by cyberattacks of escalating severity. Last year witnessed the eruption of the NotPetya worm, which crippled critical systems, including hospitals, across the country and dealt hundreds of millions of dollars in collateral damage around the globe.
Ukraine, the United States and Britain have blamed the attack on Moscow — a charge Russia has denied.
Cisco and Symantec both steered clear of attributing the VPNFilter malware to any particular actor, but an FBI affidavit explicitly attributed it to Fancy Bear, the same group that hacked into the Democratic National Committee in 2016 and has been linked to a long series of digital intrusions stretching back more than a decade. The U.S. intelligence community assesses that Fancy Bear acts on behalf of Russia's military intelligence service.
The Associated Press contributed to this report.