U.S. and U.K. issue alert about Russian state-sponsored hackers
The U.S. and U.K. recently published an alert that Russian state-sponsored hackers are targeting network infrastructure devices, such as routers, switches, firewalls and network-based intrusion detection systems, as part of a cyber espionage campaign.
The joint alert was issued by the U.S. Computer Emergency Readiness Team based upon intel from the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and the U.K.’s National Cyber Security Centre (NCSC). Government and private-sector organizations, critical infrastructure providers and internet service providers that support these Russian actors are the primary targets of the hackers, according to the alert.
The specific devices targeted include Generic Routing Encapsulation (GRE)-enabled devices, Cisco Smart Install-enabled devices and Simple Network Management Protocol (SNMP)-enabled devices. The alert also came with in-depth instructions about how to mitigate cyber intrusions. Per the alert:
“DHS, FBI, and NCSC urge readers to act on past alerts and advisories issued by the U.S. and U.K. Governments, allied governments, network device manufacturers, and private-sector security organizations. Elements from these alerts and advisories have been selected and disseminated in a wide variety of security news outlets and social media platforms. The current state of U.S. network devices — coupled with a Russian government campaign to exploit these devices — threatens the safety, security, and economic well-being of the United States.”
It added that Russian cyber actors are not leveraging zero-day vulnerabilities or installing malware to exploit these devices. Rather, they are taking advantage of multiple mishaps, including: vendors incorrectly setting up devices; manufacturers building and distributing network devices with exploitable services; ISPs not replacing equipment on a customer’s property after a manufacturer quits supporting it; and owners and operators failing to change vendor default settings, apply patches and restore general-purpose hosts after cyber intrusions.