
US and UK warn of Russian hackers targeting network devices

U.S. and U.K. issue alert about Russian state-sponsored hackers

The U.S. and U.K. recently published an alert that Russian state-sponsored hackers are targeting network infrastructure devices, such as routers, switches, firewalls and network-based intrusion detection systems, as part of a cyber espionage campaign.

The joint alert was issued by the U.S. Computer Emergency Readiness Team based upon intel from the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and the U.K.’s National Cyber Security Centre (NCSC). Government and private-sector organizations, critical infrastructure providers and internet service providers that support these Russian actors are the primary targets of the hackers, according to the alert.

The specific devices targeted include Generic Routing Encapsulation-enabled devices, Cisco Smart Install-enabled devices and Simple Network Management Protocol-enabled devices. The alert also came with in-depth instructions about how to mitigate cyber intrusions. Per the alert:

“DHS, FBI, and NCSC urge readers to act on past alerts and advisories issued by the U.S. and U.K. Governments, allied governments, network device manufacturers, and private-sector security organizations. Elements from these alerts and advisories have been selected and disseminated in a wide variety of security news outlets and social media platforms. The current state of U.S. network devices — coupled with a Russian government campaign to exploit these devices — threatens the safety, security, and economic well-being of the United States.”

It added that Russian cyber actors are not leveraging zero-day vulnerabilities or installing malware to exploit these devices. Rather, they are taking advantage of multiple mishaps, including: vendors incorrectly setting up devices; manufacturers building and distributing network devices with exploitable services; ISPs not replacing equipment on a customer’s property after a manufacturer quits supporting it; and owners and operators failing to change vendor default settings, apply patches and restore general-purpose hosts after cyber intrusions.
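A defender's configuration check for the three device classes named above, as an added example that is not from the alert or this article. It assumes Cisco IOS running-config syntax, that the Smart Install client stays on unless `no vstack` is set, and that a tunnel with no `tunnel mode` line defaults to GRE; the sample config is constructed.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default strings

# Constructed sample in Cisco IOS running-config style (not from the alert).
SAMPLE_CONFIG = """\
hostname edge-sw-01
!
snmp-server community public RO
snmp-server community n0c-Mon1tor RO 10
!
interface Tunnel0
 tunnel source GigabitEthernet0/1
 tunnel destination 192.0.2.10
!
interface Tunnel1
 tunnel mode ipsec ipv4
 tunnel destination 192.0.2.20
!
"""

def audit(config: str) -> list[str]:
    """Return findings for Smart Install, SNMP communities and GRE tunnels."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    # Assumption: the Smart Install client is on unless "no vstack" is set.
    if "no vstack" not in lines:
        findings.append("smart-install: not explicitly disabled")
    for n, line in enumerate(lines, 1):
        m = re.match(r"snmp-server community (\S+)(.*)", line)
        if not m:
            continue
        name, opts = m.group(1), m.group(2).split()
        if opts[:1] == ["view"]:          # skip an optional "view <name>" pair
            opts = opts[2:]
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append(f"snmp line {n}: default community '{name}'")
        # A trailing token other than RO/RW is an access-list reference.
        if not opts or opts[-1].upper() in ("RO", "RW"):
            findings.append(f"snmp line {n}: no access list restricts pollers")
    # Inventory GRE tunnels so unexpected ones stand out in review.
    for block in re.split(r"^!\s*$", config, flags=re.M):
        m = re.match(r"\s*interface (Tunnel\d+)", block)
        mode = re.search(r"^\s*tunnel mode (\S+)", block, re.M)
        # Assumption: a tunnel with no "tunnel mode" line defaults to GRE.
        if m and (mode is None or mode.group(1) == "gre"):
            dest = re.search(r"tunnel destination (\S+)", block)
            findings.append(f"gre: {m.group(1)} -> {dest.group(1) if dest else 'unset'}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The GRE entries are an inventory rather than a fault: each listed tunnel should match a destination the operator expects.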


ABOUT AUTHOR

Nathan Cranford
Nathan Cranford joined RCR Wireless News as a Technology Writer in 2017. Prior to his current position, he served as a content producer for GateHouse Media, and as a freelance science and tech reporter. His work has been published by a myriad of news outlets, including COEUS Magazine, dailyRx News, The Oklahoma Daily, Texas Writers Journal and VETTA Magazine. Nathan earned a bachelor’s from the University of Oklahoma in 2013. He lives in Austin, Texas.