US, UK warn against Russia-sponsored cyber attacks
US Department of Homeland Security website says FBI is confident that Russian-sponsored cyber actors are using compromised routers to support espionage, extract intellectual property, maintain access to victim networks, and lay foundation for future operations.world Updated: Apr 17, 2018 18:59 IST
Cyber security representatives from the United States and Britain have warned of Russian state-sponsored cyber-attacks that are targeting network infrastructure devices such as routers and firewalls, to compromise government and private sectors globally.
According to a US Computer Emergency Response Team (US-CERT), the Technical Alert (TA) provided information on the worldwide cyber exploitation of network infrastructure devices (routers, switches, firewalls, Network-based Intrusion Detection Systems) by Russian state-sponsored cyber actors.
The joint TA is the result of analytic efforts between the US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre, according to information on the official website of the DHS.
“The FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.”
Since 2015, the US government has been receiving information from multiple sources — including private and public sector cyber security research organisations and allies — that cyber actors were exploiting large numbers of enterprise-class and residential routers and switches worldwide.
The government assessed that cyber actors supported by the Russian government carried out this worldwide campaign. These operations enable espionage and intellectual property that supports the Russian Federation’s national security and economic goals, the website said.
Russian cyber-actors leverage a number of legacy or weak protocols and service ports associated with network administration activities. Cyber-actors use these weaknesses to identify vulnerable devices, extract device configurations, harvest login credentials, modify device firmware, and copy or redirect victim traffic through Russian cyber-actor-controlled infrastructure.
Meanwhile, an expert from cyber security company FireEye said that Russia has repeatedly leveraged cyber tools to protect its interests, especially when the country’s prestige as a military superpower is threatened.
“For instance, when their place in the Olympics was embarrassingly lost, they lashed out with a campaign to undermine the legitimacy of the games, ultimately culminating in an attempt to disrupt the events themselves,” John Hultquist, Director of Intelligence Analysis at FireEye, said in a statement.