The Russian government is behind a number of cyberattacks that target network infrastructure devices such as routers, network-based intrusion detection systems (NIDS) and firewalls in US homes and businesses for cyberespionage, according to a technical alert (TA) released on Monday.
The TA is a joint investigative effort between the Department of Homeland Security, the FBI and the United Kingdom’s National Cyber Security Centre.
Both organizations and private homes must stay alert and take measures to protect their systems and data from cyberattacks and hijacking, officials advise.
The main targets include government and private-sector organizations, critical infrastructure providers and ISPs, which can be easily infiltrated by manipulating routers to carry out man-in-the-middle attacks, threatening US national security and the economy.
By taking advantage of weak protocols, Russian hackers scan the internet for exploitable devices, steal credentials, and make changes to the operating system, device firmware and configurations.
“The purpose of this TA is to inform network device vendors, ISPs, public-sector organizations, private-sector corporations, and small office home office (SOHO) customers about the Russian government campaign, provide information to identify malicious activity, and reduce exposure to this activity,” officials said.
Australia has joined the two countries in publicly calling out Russian state-sponsored attacks and espionage operations, directly associating with Russia the 2017 attacks on Cisco routers, which possibly affected all infrastructures built on Cisco systems.
“Based on advice from Australian intelligence agencies, and in consultation with our allies, the Australian government has determined that Russian state-sponsored actors are responsible for this activity, which occurred in 2017,” the minister for law enforcement and cybersecurity, Angus Taylor, said in a statement.