The US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI) and the United Kingdom’s (UK) National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government. The targets of this malicious cyber activity are primarily government and private-sector organizations, critical infrastructure owners and operators, and the Internet Service Providers (ISPs) supporting these sectors.
This alert provides information about large numbers of enterprise-class and small office home office (SOHO)-class routers and switches worldwide that have been exploited by cyber actors supported by the Russian government. It contains indicators of compromise (IOCs) and contextual information regarding observed behaviors on the networks of compromised victims.
Network device vendors, ISPs, public-sector organizations, private-sector corporations, and SOHO customers should read this report and take action on the recommended mitigation strategies. The current state of U.S. network devices, coupled with a Russian Government campaign to exploit these devices, threatens the safety, security, and economic well-being of the United States.
Russian state-sponsored cyber actors are using compromised routers to conduct spoofing (i.e., man-in-the-middle) activity to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.
This is a great Article. Our firm is seeing a trend in targeted cyber attacks, Title Agencies continue to be high on the list because of the amount of wire transfers taking place. I recently spoke at a conference with the FBI on this subject. As long as the attackers can financially gain it will continue to happen. Awareness and training staff is critical to the fight against cyber crime.