Russians in your Router: Unprecedented Joint Technical Alert from UK and US Intelligence

All network device vendors, ISPs, public sector organisations, private sector corporations and even small businesses should read the alert and act on its recommended mitigation strategies: NCSC

By CBR Staff Writer

The UK’s National Cyber Security Centre (NCSC) and US’s Department of Homeland Security (DHS) have issued an unprecedented joint technical alert – alongside the Federal Bureau of Investigation (FBI) – detailing malicious cyber activity “carried out by the Russian government”. This is aimed primarily at government and private-sector organisations, critical infrastructure providers, and the internet service providers (ISPs) supporting these sectors, they said.

The alert, posted late Monday (April 16) evening, said the exploits are directed at network infrastructure devices worldwide such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS). All network device vendors, ISPs, public sector organisations, private sector corporations and even small businesses should read the alert and act on the recommended mitigation strategies, the partners said.

The alert, TA18-106A, describes Russian state-sponsored actors using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations. Multiple sources, including private and public-sector cyber security research organisations and allies, have reported this activity to the US and UK governments, the DHS, FBI and NCSC said in a joint statement.

Jeanette Manfra, the DHS’s Assistant Secretary for Cybersecurity and Communications said: “Russian government activities continue to threaten our respective safety, security, and the very integrity of our cyber ecosystem… We will not accept nor tolerate any malign foreign cyber operations, intrusions, or compromises. We call on all responsible nations to use their resources—including diplomatic, law enforcement, technical, and other means—to address the Russian cyber threat.”

Reconnaissance, Weaponisation, Delivery

“Protocols targeted in broad reconnaissance scanning include Telnet (typically Transmission Control Protocol (TCP) port 23, but traffic can be directed to a wide range of TCP ports such as 80, 8080, etc.), Hypertext Transport Protocol (HTTP, port 80), Simple Network Management Protocol (SNMP, ports 161/162), and Cisco Smart Install (SMI, port 4786),” the report explains, before walking through the weaponisation, delivery, exploitation, installation and command-and-control tactics and then offering detailed mitigation.
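The port list quoted above is the most directly actionable detail in the alert for a network defender: a single source touching Telnet, SNMP, HTTP and Smart Install across several devices is the signature of the reconnaissance sweep the report describes. The following Python example is added here and is not code from the alert, the NCSC or CBR; it runs a simple sweep detector over a few constructed firewall log lines in an assumed `proto=... src=... dst=... action=...` format, and the threshold of three distinct device/port pairs is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# Ports named in TA18-106A as targets of broad reconnaissance scanning:
# Telnet (23, plus alternates such as 80/8080), HTTP (80), SNMP (161/162)
# and Cisco Smart Install (4786).
WATCHED_PORTS = {23, 80, 8080, 161, 162, 4786}

# Constructed sample firewall log lines (not taken from the alert).
# Assumed format: "<timestamp> proto=<tcp|udp> src=<ip>:<port> dst=<ip>:<port> action=<allow|deny>"
SAMPLE_LOGS = """\
2018-04-16T22:01:03Z proto=tcp src=198.51.100.7:51234 dst=192.0.2.10:23 action=deny
2018-04-16T22:01:04Z proto=tcp src=198.51.100.7:51235 dst=192.0.2.11:23 action=deny
2018-04-16T22:01:05Z proto=tcp src=198.51.100.7:51236 dst=192.0.2.12:4786 action=allow
2018-04-16T22:01:06Z proto=udp src=198.51.100.7:51237 dst=192.0.2.10:161 action=deny
2018-04-16T22:01:07Z proto=tcp src=198.51.100.7:51238 dst=192.0.2.13:8080 action=deny
2018-04-16T22:02:10Z proto=tcp src=203.0.113.5:40001 dst=192.0.2.20:443 action=allow
2018-04-16T22:02:11Z proto=tcp src=203.0.113.5:40002 dst=192.0.2.10:80 action=allow
this line is malformed and should be skipped
"""

LINE_RE = re.compile(
    r"proto=(?P<proto>\w+)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+action=(?P<action>\w+)"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_sweeps(log_text, min_targets=3):
    """Return {src: sorted [(dst, dport), ...]} for every source address that touched
    at least `min_targets` distinct device/port pairs on the watched management ports.
    Both allowed and denied connections count: a denied probe is still reconnaissance."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in WATCHED_PORTS:
            continue
        hits[rec["src"]].add((rec["dst"], rec["dport"]))
    return {src: sorted(pairs) for src, pairs in hits.items() if len(pairs) >= min_targets}


def exposed_ports(log_text):
    """Return the set of watched ports that were actually *allowed* through, i.e. management
    services reachable from outside and therefore the first candidates for the alert's
    mitigation advice (disable or restrict them)."""
    allowed = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "allow" and rec["dport"] in WATCHED_PORTS:
            allowed.add(rec["dport"])
    return allowed


if __name__ == "__main__":
    for src, targets in find_sweeps(SAMPLE_LOGS).items():
        print(f"possible management-port sweep from {src}: {targets}")
    print("watched ports allowed through the firewall:", sorted(exposed_ports(SAMPLE_LOGS)))
```

In the constructed sample only 198.51.100.7 crosses the threshold (five distinct device/port pairs on the watched ports), while 203.0.113.5 touches a single watched port and is ignored; the `exposed_ports` check separately reports that Smart Install (4786) and HTTP (80) were allowed through, which is exactly the kind of exposure the alert's mitigation section tells operators to close.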

The NCSC’s CEO Ciaran Martin, said: “Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority for the National Cyber Security Centre and our US allies. This is the first time that in attributing a cyber attack to Russia the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.”

He added: “Many of the techniques used by Russia exploit basic weaknesses in network systems. The NCSC is leading the way globally to automate defences at scale to take away some of those basic attacks, thereby allowing us to focus on the most potent threats.”

The alert represents the first time the NCSC has been included as an author in a DHS and FBI joint report.
