The U.S., Britain and Australia have accused the Russian government of maliciously targeting global internet equipment for political and economic espionage.
The governments said the Russian operations, which allegedly involve planting malware on internet routers and other equipment, could also lay the foundation for future offensive cyberattacks.
A joint statement Monday by the U.S. Department of Homeland Security, the FBI and the U.K.’s National Cyber Security Centre said the main targets include “government and private-sector organizations,” as well as providers of “critical infrastructure” and internet service providers.
“Victims were identified through a coordinated series of actions between U.S. and international partners,” according to a companion technical alert issued by the U.S. Computer Emergency Response Team (US-CERT). Both nations have “high confidence” in the finding of Russian-sponsored cyber-meddling, which the alert said has been reported by multiple sources since 2015.
Australia also admonished Russia and accused Kremlin-backed hackers of cyberattacks on hundreds of Australian companies last year.
Routers direct data traffic across the internet. US-CERT said the compromised routers can be exploited for “man-in-the-middle” spoofing attacks, in which communications are intercepted by a seemingly trusted device that has actually been infiltrated by an attacker.
“The current state of U.S. network devices — coupled with a Russian government campaign to exploit these devices — threatens the safety, security, and economic well-being of the United States,” the alert stated. An email message seeking comment from the Russian embassy in Washington, D.C., received no response.
US-CERT urged affected companies, and public sector organizations and even people who use routers in home offices to take action to harden poorly-secured devices. But its alert cited only one specific product: Cisco’s Smart Install software.
Australian Defense Minister Marise Payne said about 400 Australian companies were targeted in the 2017 Russian attacks, but there was no “exploitation of significance.”
“The points which this reinforces for us as…