Operations, allegedly involving planting malware on internet routers, could lay foundation for future cyberattacks
US and UK say is Russia targeting internet hardware for espionage
Washington and London on Monday jointly accused the Russian government of maliciously targeting global internet equipment for political and economic espionage.
The two governments said the Russian operations, which allegedly involve planting malware on internet routers and other equipment, could also lay the foundation for future offensive cyberattacks.
A joint statement by the United States Department of Homeland Security, the FBI and the Britain's National Cyber Security Centre said the main targets include “government and private-sector organisations”, as well as providers of “critical infrastructure” and internet service providers.
“Victims were identified through a co-ordinated series of actions between US and international partners,” according to a companion technical alert issued by the US Computer Emergency Response Team (US-CERT). Both nations have “high confidence” in the finding of Russian-sponsored cyber-meddling, which the alert said has been reported by multiple sources since 2015.
Routers are devices that direct data traffic across the internet. US-CERT said the compromised routers can be exploited for “man-in-the-middle” spoofing attacks, in which communications are intercepted by a seemingly trusted device that has actually been infiltrated by an attacker.
“The current state of US network devices – coupled with a Russian government campaign to exploit these devices – threatens the safety, security, and economic well-being of the United States,” the alert stated. An email message seeking comment from the Russian embassy in Washington received no response.
US-CERT urged affected companies, public-sector organisations and even people who use routers in home offices to take action to harden poorly-secured devices. But its alert cited only one specific product: Cisco’s Smart Install software.
On March 15, US-CERT issued a similar alert saying the FBI and DHS had determined that Russian government “cyber actors” had sought to infiltrate US agencies as well as “organisations in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors”. It said Russian agents had obtained “remote access” to energy sector networks and obtained information on industrial control systems.
Experts have stressed that the March 15 bulletin did not mean Russia had obtained access to systems that control critical infrastructure such as power grids. But Russia does have history in this regard – many security experts blame it for several cyber-sabotage attacks on Ukraine’s power grid.