Cisco's Talos cyberintelligence unit has warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with sophisticated malware that comprises code previously used to attack Ukraine.
In a blog post, Talos said it has been working for months with public- and private-sector threat intelligence partners and law enforcement to research the advanced malware system it's calling VPNFilter.
"The code of this malware overlaps with versions of the BlackEnergy malware, which was responsible for multiple large-scale attacks that targeted devices in Ukraine," said the security research team.
"While this isn't definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilising a command and control (C2) infrastructure dedicated to that country."
On 8 May and again on 17 May, the Talos researchers saw a sharp spike in VPNFilter infection activity, with most of the new victims located in Ukraine.
"By this point, we were aware of the code overlap between BlackEnergy and VPNFilter, that Ukraine's Constitution Day was approaching in June, and that the timing of previous attacks in Ukraine suggested that an attack could be imminent," they added.
One of the Talos researchers told Reuters that it was confident that the Russian government is behind the campaign. Cisco researcher Craig Williams said this was the case because the hacking software shares code with malware used in previous cyber attacks that the US government has attributed to Moscow.
"Security Service experts believe the infection of hardware on the territory of Ukraine is preparation for another act of cyber-aggression by the Russian Federation aimed at destabilising the situation during the Champions League final," Williams said.
He added: "With a network like this you could do anything."
Other major security companies are also warning that the malware should be taken very seriously.
The devices infected with VPNFilter are scattered across at least 54 countries, so anyone could potentially be affected.