Russian government actors routinely targeted federal agencies and companies in the U.S. and United Kingdom using compromised network devices to disrupt industry functions and steal intellectual property, according to a Department of Homeland Security alert released Monday.
DHS, along with the FBI and the U.K.’s National Cyber Security Centre (NCSC), warned U.S. and British businesses and critical infrastructure partners that Russia is likely to continue its global network hacking campaign and urged industry to improve its security protocols.
“Since 2015, the U.S. Government received information from multiple sources, including private and public sector cyber security research organizations and allies, that cyber actors are exploiting large numbers of enterprise-class and SOHO/residential routers and switches worldwide. The U.S. Government assesses that cyber actors supported by the Russian government carried out this worldwide campaign. These operations enable espionage and intellectual property that supports the Russian Federation’s national security and economic goals,” DHS officials wrote in the threat alert.
Russian actors specifically targeted companies’ GRE-enabled devices, Cisco [CSCO] Smart Install-enabled devices and SNMP-enabled network devices.
The new threat alert highlights efforts to exploit weakly secured router devices to gain access to industry data, maintain backdoors into networks and potentially drop malware for future offensive cyber attacks.
“Network device vendors, ISPs, public sector organizations, private sector corporations and small-office/home-office customers should read the alert and act on the recommended mitigation strategies,” officials wrote in the alert.
The report marks the first time Britain’s NCSC has joined DHS and the FBI in a threat alert.
“The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government,” said Howard Marshall, deputy director of the FBI, in a statement. “We do not make this attribution lightly and will hold steadfast with our partners.”
Jeanette Manfra, the top cyber official with DHS’ National Protection and Programs Directorate, cited improved information sharing with industry and U.K. partners as a key factor in identifying Russian actors’ activity.
“Through information sharing programs like Automated Indicator Sharing, we are building the capacity for collective defense to minimize threats between U.S. and UK network devices. While DHS cannot protect every network at all times, we can ensure that we are all collectively empowered to secure our networks through government and industry working together,” Manfra said.
Critical infrastructure and private sector partners are urged to read the alert and work on improving security protocols for their routers, switches, firewalls and Network Intrusion Detection Systems.
“Russian government activities continue to threaten our respective safety, security, and the very integrity of our cyber ecosystem. We condemn this latest activity in the strongest possible terms and we will not accept nor tolerate any malign foreign cyber operations, intrusions, or compromises—to include influence operations. We call on all responsible nations to use their resources—including diplomatic, law enforcement, technical, and other means—to address the Russian cyber threat,” Manfra said.