US and UK issue joint warning about Russian hacking of routers and ISPs
Global fears about cyberattacks by Russia are not calming down, and the US and UK have just issued a joint alert warning of state-sponsored attacks on network infrastructure devices, including residential routers.
The west is accusing Russia of an espionage-driven malicious cyberoffensive, and the Technical Alert -- which comes following a joint effort between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the UK's National Cyber Security Centre (NCSC) -- warns that both governmental and residential hardware is being targeted to "potentially lay a foundation for future offensive operations".
- Et tu, Tumblr? Blogging site says it was used by Russia to spread fake news in 2016
- Hacker Guccifer 2.0 seems to accidentally confirm links to Russia
- Kaspersky Lab plans Swiss data center to quell fears about Russian connections
The alert -- published on the US-CERT website -- warns that the "current state of US network devices -- coupled with a Russian government campaign to exploit these devices -- threatens the safety, security, and economic well-being of the United States".
The aim of the alert is to warn businesses, individuals, ISPs and device manufacturers about a perceived campaign by the Russian government, and to give details of what to look out for. The report "provides information on the worldwide cyber exploitation of network infrastructure devices (e.g., router, switch, firewall, Network-based Intrusion Detection System (NIDS) devices) by Russian state-sponsored cyber actors. Targets are primarily government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors."
It says that the US government has information about threats from cyber attacks seeking to exploit routers and network switches en masse dating back to 2015.
The alert goes on to say:
This report contains technical details on the tactics, techniques, and procedures (TTPs) used by Russian state-sponsored cyber actors to compromise victims. Victims were identified through a coordinated series of actions between U.S. and international partners. This report builds on previous DHS reporting and advisories from the United Kingdom, Australia, and the European Union. This report contains indicators of compromise (IOCs) and contextual information regarding observed behaviors on the networks of compromised victims. FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.
There is a warning that known vulnerabilities are exploited to modify firmware and operating system, to steal login credentials, monitor and reroute internet traffic and much more. The alert outlines a multi-stage attack scenario -- reconnaissance, weaponization, delivery, exploitation, installation, and command and control, and goes as far as providing some mitigating steps that can be taken to reduce the impact of attack, or stop them altogether.
Russia has not responded to the joint alert.