The US Federal Bureau of Investigation has put a spoke in the wheel of a major Russian digital disruption operation potentially aimed at causing havoc in Ukraine.
Network technology company Cisco Systems and antivirus company Symantec on Wednesday warned that a half-million internet-connected routers had been compromised in a possible effort to lay the groundwork for a cyber-sabotage operation against targets in Ukraine.
Court documents simultaneously unsealed in Pittsburgh show the FBI seized a key website communicating with the massive army of hijacked devices, disrupting what could have been an ambitious cyberattack by a Russian government-aligned hacking group widely known as Fancy Bear.
FBI Assistant Director Scott Smith said the agency "has taken a critical step in minimising the impact of the malware attack. While this is an important first step, the FBI's work is not done."
Much about the hackers' motives remains open to conjecture.
Cisco said the malicious software, which it and Symantec both dubbed VPNFilter after a folder it creates, was sitting on more than 500,000 routers in 54 countries but mostly in Ukraine, and had the capacity to render them unusable - a massively disruptive move if carried out at such a scale.
The malware could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities, the US Justice Department said.
Ukraine has been locked in a years-long struggle with Russia-backed separatists in the country's east and has repeatedly been hit by cyberattacks of escalating severity.
Last year witnessed the eruption of the NotPetya worm, which crippled critical systems, including hospitals, across the country and dealt hundreds of millions of dollars in collateral damage around the globe. Ukraine, the US and Britain have blamed the attack on Moscow - a charge the Kremlin has denied.
Cisco and Symantec steered clear of attributing the VPNFilter malware to any particular actor, but an FBI affidavit explicitly attributed it to Fancy Bear, the same group that hacked into the Democratic National Committee in 2016 and has been linked to digital intrusions stretching back more than a decade.
The US intelligence community assesses that Fancy Bear acts on behalf of Russia's military intelligence service.
An FBI affidavit said the hackers used lines of code hidden in the metadata of online photo albums to communicate with their network of seeded routers.
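The affidavit's point that commands were hidden in the metadata of online photos is a cue for defenders to look at what image metadata actually contains. The following Python script is an added example, not code from the article, the FBI filing or any vendor report: it walks a JPEG's marker segments ahead of the image data and flags APPn/COM metadata segments that are unusually large or carry long runs of printable text, which is where non-image content would have to live. The size and run-length thresholds and the two sample files are constructed assumptions for the demonstration, and the heuristic produces triage leads, not verdicts, since legitimate EXIF and XMP can also be large.

```python
import re
import struct

# Marker-segment triage for JPEG files: list every metadata segment before
# the image data and flag ones that are unusually large or that carry long
# runs of printable text. Heuristic only: legitimate EXIF/XMP can be large,
# so findings are triage leads, not verdicts.

MAX_METADATA_BYTES = 2048   # assumption: typical camera/editor metadata is smaller
MIN_PRINTABLE_RUN = 64      # assumption: long ASCII runs in metadata merit a look
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_PRINTABLE_RUN)


def marker_name(marker: int) -> str:
    """Human-readable name for the JPEG marker byte."""
    if 0xE0 <= marker <= 0xEF:
        return f"APP{marker - 0xE0}"
    if marker == 0xFE:
        return "COM"
    return f"0x{marker:02X}"


def iter_jpeg_segments(data: bytes):
    """Yield (marker, payload) for each marker segment up to the start of scan (SOS)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or SOS: no more metadata segments
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # length includes its own 2 bytes
        payload = data[pos + 4:pos + 2 + length]
        yield marker, payload
        pos += 2 + length


def scan_jpeg(data: bytes) -> list:
    """Return one finding per APPn/COM segment that trips a heuristic."""
    findings = []
    for marker, payload in iter_jpeg_segments(data):
        if not (0xE0 <= marker <= 0xEF or marker == 0xFE):
            continue  # only metadata-bearing segments are of interest here
        reasons = []
        if len(payload) > MAX_METADATA_BYTES:
            reasons.append(f"oversized segment ({len(payload)} bytes)")
        run = PRINTABLE_RUN.search(payload)
        if run:
            reasons.append(f"printable run of {len(run.group())} bytes")
        if reasons:
            findings.append({"marker": marker_name(marker), "length": len(payload), "reasons": reasons})
    return findings


def build_jpeg(segments) -> bytes:
    """Assemble a minimal, constructed JPEG: SOI, the given segments, an empty SOS, EOI."""
    out = b"\xff\xd8"
    for marker, payload in segments:
        out += b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload
    return out + b"\xff\xda\x00\x02" + b"\xff\xd9"


# Constructed samples (not real files): one with ordinary metadata, one whose
# APP segments carry a long text run and an oversized blob.
BENIGN_JPEG = build_jpeg([
    (0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"),
    (0xFE, b"constructed sample comment"),
])
SUSPECT_JPEG = build_jpeg([
    (0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"),
    (0xE1, b"Exif\x00\x00" + b"x" * 300),
    (0xE2, b"\x00" * 3000),
])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_JPEG), ("suspect", SUSPECT_JPEG)):
        print(name, scan_jpeg(blob) or "no findings")
```

Run against a directory of downloaded images, the findings list is a starting point for a closer look at the flagged segments with a full EXIF/XMP parser; tune the two thresholds to the baseline of metadata sizes seen in your own environment before relying on it in a pipeline.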
