The UK’s National Cyber Security Centre (NCSC) and US’s Department of Homeland Security (DHS) have issued an unprecedented joint technical alert – alongside the Federal Bureau of Investigation (FBI) – detailing malicious cyber activity “carried out by the Russian government”. The activity is aimed primarily at government and private-sector organisations, critical infrastructure providers, and the internet service providers (ISPs) supporting these sectors, they said.
The alert, posted late on Monday evening (April 16), said the exploits are directed at network infrastructure devices worldwide, such as routers, switches, firewalls, and network intrusion detection systems (NIDS). All network device vendors, ISPs, public sector organisations, private sector corporations and even small businesses should read the alert and act on the recommended mitigation strategies, the partners said.
The alert, TA18-106A, describes Russian state-sponsored actors using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations. Multiple sources, including private and public-sector cyber security research organisations and allies, have reported this activity to the US and UK governments, the DHS, FBI and NCSC said in a joint statement.
Jeanette Manfra, the DHS’s Assistant Secretary for Cybersecurity and Communications, said: “Russian government activities continue to threaten our respective safety, security, and the very integrity of our cyber ecosystem… We will not accept nor tolerate any malign foreign cyber operations, intrusions, or compromises. We call on all responsible nations to use their resources—including diplomatic, law enforcement, technical, and other means—to address the Russian cyber threat.”