Talos Intelligence – the security arm of computer networking firm Cisco, which detected the attack – said it was releasing the information before their investigations are complete because of the urgency in preventing the attack.
Cisco has warned that hackers have infected at least 500,000 internet routers and storage devices with sophisticated state-developed malware in dozens of countries, with a focus on Ukraine.
The country’s capital is hosting the Champions League final on Saturday night, with Liverpool facing Real Madrid.
In a statement, the Ukrainian security service said its experts “believe that the infection of hardware on the territory of Ukraine is preparation for another act of cyber aggression by the Russian Federation, aimed at destabilising the situation during the Champions League final.”
Affected countries include the UK, Cisco’s Martin Lee told Sky News, but the primary target for the hacking campaign was Ukraine.
The malware, which has been called VPNFilter by Cisco, could be used for espionage as well as to destroy the devices that it has infected.
This could cause havoc in Ukraine, a year after another “powerful” cyber attack on the country spread across the world, taking down Chernobyl’s radiation monitoring system in the process.
Earlier this year, the UK and the US attributed that attack – known as NotPetya – to the Russian Government.
The Kremlin has denied these claims and others which assert that Russia has been engaged in aggressive cyber activities designed to harm Ukraine’s economy.
Cisco said it was going public with what it knows about the VPNFilter campaign because it fears an imminent attack, although Cisco suspected that this would occur on Ukraine’s Constitution Day on 28 June.
A number of the large cyber attacks which the country has been victim to have been launched around national holidays, as well as power grid attacks shortly before Christmas in 2015 and 2016.
A recent warning about intrusions into internet infrastructure issued by the National Cyber Security Centre suggested for the first time that the Russian government was attempting to hack into the UK’s critical national infrastructure.
A spokesperson for the National Cyber Security Centre said: “This research is a timely reminder for organisations and home users to get the basics right to help protect their systems against cyber threats.
“We actively encourage everyone to follow their manufacturer’s advice and ensure they are installing patches and using up-to-date AV software. Best practise advice for good cyber hygiene can be found on the NCSC website.”
The Russian Embassy in London did not immediately respond to Sky News regarding the Russian Federation’s responsibility for VPNFilter.