Russian Hackers Attacking Home and Office Routers

News  |  Apr 16, 2018

UK and US officials warn that Russian hackers have been probing internet communication hubs such as home and office routers around the world "for espionage and possibly sabotage purposes."

CNET:

In a joint announcement Monday from the US Department of Homeland Security, the FBI and the UK's National Cyber Security Center, officials warned Russian spies have been looking for vulnerabilities on millions of routers as a tool for future attacks. 

The targets include routers in both homes and offices, as well as firewalls and switches from internet service providers, critical infrastructure and major private companies, Rob Joyce, the National Security Council's cybersecurity coordinator, said in a conference call.

"We have high confidence Russia has carried out a coordinated campaign to gain access to enterprise, small office, home office routers known as SOHO routers and residential routers, and the switches and connectors worldwide," Joyce said.

(...)

"The purpose of these attacks could be espionage, it could be theft of intellectual property, it could be prepositioning for use in times of tension," NCSC Director Ciaran Martin said. 

WaPo:

Officials say millions of users worldwide have been targeted.

(...)

The agencies ... do not know how many routers, firewalls and switches have been compromised and to what extent. They are seeking the cooperation of home office and private sector business owners in sharing information if they determine their networks have been compromised.

CNET:

Attacks on routers can have more potential for damage since they're not maintained with the same level of security as servers or computers are, [DHS' top cybersecurity official Jeanette] Manfra said. The DHS and the UK's NCSC hope to change that with Monday's technical alert. Part of the alert calls on people to step up their own security, with Manfra pointing out that the DHS can't "protect every single device."

Politico:

The attacks on "network infrastructure devices" — routers, switches and firewalls — were meant to gain access to government and critical infrastructure targets.

(...)

U.S. and U.K. officials briefing reporters said the attacks could be used for espionage or intellectual property theft or for laying the groundwork for destructive attacks should tensions escalate. But they said they had no insight into the scope of how successful the attacks have been.

(...)

[White House cybersecurity coordinator Rob] Joyce said the White House got involved "to give it the gravitas and attention of the whole of U.S. government." He said the U.S. response could include a range of activities, such as a forthcoming report today detailing how to defend against the attack, and potentially including sanctions, indictments or offensive cyber retaliation.

Forbes:

Joyce said "we can't rule out Russia may attempt to use this [hacked] infrastructure for further attacks." Advice will be handed out to potentially affected entities today, marking the first time the U.K. and the U.S. have pushed out such recommendations together. "The actions you’re seeing today is one in a series of steps against this unacceptable activity," Joyce added.

In a separate statement issued Monday, a spokesman announced Joyce is leaving his position as cybersecurity coordinator for the White House and returning to the National Security Agency. He is the latest of several National Security Council departures under new National Security Advisor John Bolton. 

Axios:

Backdrop: The U.S. still doesn't have a cyber deterrence doctrine that would lay out the consequences for adversaries when they attack the U.S. in cyberspace. 

 

Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices (US-CERT)

UK And US Accuse Russia Of Hacking Home Routers In Global Cyberattacks (Forbes)

U.S., U.K.: Russia launching global cyberattacks aimed at internet traffic controls (Politico)

US, UK warn of Russian hackers targeting millions of routers (CNET)

U.S., British governments warn businesses worldwide of Russian campaign to hack routers (WaPo)

White House Cyber Security Czar Rob Joyce to Leave Position, Return to National Security Agency: Spokesman (Reuters)