UK National Cyber Security Centre teams up with FBI and others to issue advice in light of malicious exploits targeting network hardware – including consumer routers

The Kremlin is behind a long-term campaign of malicious cyber activity, UK and US authorities have said

After calling out the Kremlin for undertaking a sustained campaign of cyberattacks, UK and US intelligence services have hailed “a significant moment in the transatlantic fightback against Russia’s aggressive activity in cyberspace”.

The UK National Cyber Security Centre (NCSC) has united with the FBI and the US Department of Homeland Security to issue an “alert about malicious cyber activity carried out by the Russian government”.

The attribution of this activity to Russia follows reports from “multiple sources”, representing cybersecurity research bodies in both the public and private sectors.

“We at the NCSC have been tracking some of these attacks for around a year, and the groups behind them for longer than that,” the organisation’s chief executive Ciaran Martin told reporters on a conference call today.

Russian state-sponsored activity has reportedly been targeted at government entities and private companies – including providers of critical national infrastructure, and internet service providers. The joint statement indicated that attacks have been aimed at network hardware devices, including routers, switches, firewalls, and network intrusion-detection systems. 

Related content

• NSA: ‘We have not responded to a zero-day in two years – our adversaries are hitting known vulnerabilities’
• NCSC warns government and power companies about Russian cyberthreat
• NCSC’s Dr Ian Levy on why the UK must ‘turn cybersecurity into a science’

The statement said: “The current state of US and UK network devices, coupled with a Russian government campaign to exploit these devices, threatens our respective safety, security, and economic well-being.”

The attacks have also included concerted attempts to breach consumer and small business devices as a way into the network.

“We have high confidence that Russia has carried out a coordinated campaign to gain access to SOHO (small office/home office) and residential routers,” White House cybersecurity coordinator Rob Joyce told journalists.

Some attacks have seen actors working on behalf of Russia target “compromised routers” to execute ‘man-in-the-middle’ attacks. These incursions are so called because perpetrators effectively insert themselves between two systems that communicate with one another and intercept the information being relayed.

The exploits that have perpetrated by Russia in recent months are being undertaken “to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations,” today’s statement said. 

Jeanette Manfra, the foremost cybersecurity official at the Department of Homeland Security, explained that, if you can control routers, you can control traffic, which means that the future threat from Russia could take several forms.

“[Routers] could be used to generate traffic for a DDoS attack, but also for espionage or for offensive cyber campaigning,” she added.

A large number of the Russian exploits could be defended against by adherence to best security practice, the security agencies indicated. To this end, UK and US authorities will be issuing a report containing information on how businesses and individuals can best protect themselves against cyberthreats.

NCSC chief Martin said: “This is a significant moment in the transatlantic fightback against Russia’s aggressive activity in cyberspace. We have called it out before, but never have we joined together… to give advice to industry and citizens.”

He added: “This a very significant moment – we are holding Russia to account, and improving our defences at the same time.”