In an Extraordinary Joint Statement, US and UK Blame Moscow for Coordinated Cyberattacks on Internet Infrastructure
Russia is hacking millions of computers in a “sustained” campaign to pave the way for a crippling cyberattack, senior officials in the United States and the United Kingdom have warned. Top officials blamed the Kremlin on Monday (via Telegraph) for coordinated attacks on Internet infrastructure worldwide.
US Department of Homeland Security, the Federal Bureau of Investigation (FBI) and the National's Cyber Security Center (NCSC) conducted a joint investigation into this campaign. The agencies said that state-backed Russian hackers have been conducting a months-long campaign breaching routers, switches and firewalls to target government organizations, armed forces, and critical infrastructure operators.
They are then using these compromised routers to conduct man-in-the-middle (MitM) attacks for cyber espionage or stealing intellectual property.
"These devices actually make ideal targets," Jeanette Manfra, the top Homeland Security cybersecurity official said. "When a malicious actor has access to this, they can monitor, modify, or deny traffic to an organization or from an organization externally."
The White House cybersecurity coordinator Rob Joyce said today that the Trump administration is prepared to push back on Russian attacks using all elements of power. "When we see malicious cyber activity, whether it be from the Kremlin or other nation state actors, we are going to push back," he added.
Britain specifically at the center of the expected incoming cyberattacks from Russia
After the country blamed Russia for the nerve agent attack on a former Russian spy, the country's relations with Russia are at a historic low. "We are still assessing some of the small office and home router targeting," National Cyber Security Centre chief Ciaran Martin said. "But I can say that other attacks are directly targeted at the UK Government and critical, national services."
In an unprecedented step, both the UK and the US issued a joint statement revealing that Russia has been probing networking devices for vulnerabilities to "lay a foundation for future offensive operations."
This isn't, however, the first time that both the countries have blamed Russia for cyberattacks. A series of attacks, including the crippling NotPetya ransomware and the 2016 DNC hacks, were blamed on the Kremlin. However, until now they mentioned attacks originating from Russia, but today the two countries have directly accused the Kremlin for these attacks with "high confidence."
"We have high confidence that Russia has carried out a coordinated campaign to gain access to enterprise, small office, home office routers known as SOHO routers and residential routers, and the switches and connectors worldwide.
"We can't rule out that Russia might intend to use this set of compromises for future offensive cyber operations as well, it provides basic infrastructure they can launch from."
The three agencies said that multiple sources from both the private and public sector have reported this activity to the two governments.
In another first, the close allies will also jointly notify and advise potential targets. Today's statement requests network device vendors and ISPs to follow the alert and implement mitigation strategies. Both the countries have issued advice to all sectors that they believe may have been compromised to offer steps to identify and neutralize problems.
Both the governments have pledged to do whatever it takes to combat this threat.
"We are pushing back and we are pushing back hard."
Manfra said that the "US government and the United Kingdom condemn the actions of the Russian government, and we hold the Kremlin responsible for these malicious cyber activities."
“We will bring every tool to bear against them in every corner of cyberspace," FBI's Howard Marshall who was also on the conference call during the statement said. British NCSC's Ciaran Martin added, that "this is a very significant moment as we hold Russia to account."