EXECUTIVE SUMMARY:

A massive botnet has formed and infected more than 500,000 routers and storage devices in multiple countries with a new malware called VPNFilter. It is believed that this attack is preparation by Russia to target Ukraine, in the lead-up to that country’s Champions League soccer final scheduled for Saturday in Kiev.

Russia is the prime suspect behind the malware, reports Reuters, because the code used in the hack aligns with code used in malware from previous cyberattacks attributed to Moscow.

According to security researchers, the botnet gives its operators a vast and powerful range of capabilities. “The VPNFilter malware is one of the most complex IoT/router malware strains and capable of some pretty destructive behavior,” says Bleeping Computer.

Among VPNFilter’s capabilities: espionage, disruption of internet communications, and destructive nation-state attacks.

According to Bleeping Computer, the malware operates in three stages, and ultimately there are several ways attackers could use VPNFilter:

  • They could use it to spy on network traffic and intercept credentials for sensitive networks
  • They could spy on network traffic heading to SCADA equipment and deploy specialized malware that targets ICS infrastructure
  • They could use the botnet’s hacked devices to hide the source of other malicious attacks
  • They could cripple routers and render a large part of Ukraine’s Internet infrastructure unusable

Reuters notes that some of the biggest cyberattacks on Ukraine have been launched on holidays or the days leading up to them. For instance, NotPetya coincided with the country’s Constitution Day, and attacks on Ukraine’s power grid occurred around Christmas time.

Get the full story at Bleeping Computer.