Russian state hackers are "targeting internet infrastructure"

Frederick Owens
April 17, 2018

Russian hackers have been targeting millions of routers around the world.

Russian Federation is using compromised computer network equipment to attack US and British companies and government agencies, the two countries warned in an unprecedented joint alert.

In a joint announcement Monday from the US Department of Homeland Security, the Federal Bureau of Investigation and the UK's National Cyber Security Center, officials warned that Russian spies have been looking for vulnerabilities on millions of routers as a tool for future attacks.

American and British officials said the attacks affected a wide range of organizations including Internet service providers, private businesses and critical infrastructure providers.

"When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back", said Rob Joyce, the White House cyber security coordinator.

According to the Monday statement, Russian government hackers targeted networking equipment such as routers, switches and firewalls, as well as the systems that are meant to detect intrusion into networks. These were not just security and government routers, but personal and business routers, as well.

"Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity", Taylor said in a statement.

More news: Accountability Office: $43000 soundproof booth for EPA head violated law

Martin said the attacks could be designed for spying, stealing intellectual property or possibly "prepositioning for use in times of heightened tension". The US has taken actions in the a year ago against alleged hackers from Iran, Russia and North Korea.

"We can't rule out that Russian Federation might intend to use this set of compromises for future offensive cyber operations as well, it provides basic infrastructure they can launch from". But the responsibility also falls on device makers to issue necessary fixes.

These network devices make "ideal targets", said Manfra, Homeland Security's assistant secretary for cybersecurity and communications.

The full alert contains indicators of compromise for the attacks, technical details on the tactics, techniques and procedures as well as contextual information regarding observation of the attacks. They could use a brute-force attack, where they would spam it with different usernames and passwords until it unlocked.

United Kingdom and U.S. release technical alert warning of attacks since 2015. For owners, they're asked to ensure network devices are up-to-date, change default passwords, and ensure the firmware on the device is from a trusted source. The DHS also recommends people "retire and replace legacy devices" that can't be updated.

Lack of security patches or support of end-of-life devices by manufacturers or vendors.

Other reports by LeisureTravelAid

Discuss This Article