Cisco Inc.’s cyberintelligence unit Talos said Wednesday it has discovered at least 500,000 devices in at least 54 countries that are infected with a type of malware previously used to attack Ukraine. In a blog post, Talos said it has been working with public- and private-sector threat intelligence partners and law enforcement to research an advanced malware system it is calling VPNFilter. “The code of this malware overlaps with versions of the BlackEnergy malware — which was responsible for multiple large-scale attacks that targeted devices in Ukraine,” said the blog. “While this isn’t definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control (C2) infrastructure dedicated to that country.” The devices infected include Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small-business and home-office space, as well as QNAP network-attached storage devices, said the blog. The malware has the ability to make a device unusable and could cut off the internet access of hundreds of thousands of victims worldwide. The company said law enforcement believes that the malware “originates with a state actor,” said Talos. Cisco shares were slightly lower in Wednesday trade, but have gained 37% in the last 12 months, while the S&P 500 has gained 13%.