State-sponsored Russian attackers have conducted a sustained campaign targeting routers and network infrastructure devices.
According to a joint investigation and technical alert by the US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC), global network infrastructure devices such as routers, switches, firewalls and network intrusion detection systems have been targeted with a view to conducting espionage and intellectual property theft.
There is also evidence of attackers maintaining persistent access to victim networks and potentially laying a foundation for future offensive operations.
Specifically, network device vendors, internet service providers (ISPs), public sector organizations, private sector corporations and small office/home office customers have been targeted with a view to getting access to connected customers.
The FBI, DHS and NCSC have released a report to inform those affected in order to remediate issues, which has been reported by “multiple sources including private and public-sector cybersecurity research organizations and allies.”
White House cybersecurity coordinator Rob Joyce said on a conference call that once an attacker is on a router “they own all the traffic” and an infected router is “a tremendous weapon in hands of an adversary.”
Joyce was keen to dismiss any reference to Syria in regard to the weekend’s military action. However, he did say that the White House was “intending to give it the gravitas of the whole US government,” and the actions of the attackers were not to steal, “but to facilitate other actors.”
Ciaran Martin, CEO of the National Cyber Security Centre, said: “This is the first time that in attributing a cyber-attack to Russia the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from attacks. It marks an important step in our fight back against state-sponsored aggression in cyberspace.”
He went on to claim that many of the techniques being used by Russia exploit basic weaknesses in network systems.
“The NCSC is leading the way globally to issue advice and automate defenses at scale to remove those basic attacks, thereby allowing us to focus on the most potent threats,” he said.
Martin also confirmed that the sustained targeting had continued for months and millions of machines were being targeted.
Asked if there were plans to “hit back,” Martin said that the UK response was about mitigations, and the intention of the advisory was to tell owners of networks how to tackle it, but the NCSC was not discussing offensive capabilities.