Router security flaws targeted in global Russian cyber attacks, claim FBI and NCSC

Router security flaws exploited for espionage and intellectual property theft

Russian state hackers have been accused of running a global campaign exploiting security flaws in order to hijack routers. That is the warning of the National Cyber Security Centre (NCSC) in the UK and the FBI and Department of Homeland Security in the US.

The compromise of what they claim are millions of networking devices is part of a campaign to "conduct espionage and intellectual property theft", the officials have warned.

According to the NCSC, the FBI and the DHS, state-sponsored Russian hackers have targeted network devices inside government organisations, private industry and critical infrastructure operators, and even those within small and home offices.

The months-long campaign saw hackers attempt to compromise 'millions' of devices - including routers, switches, firewalls and network intrusion detection systems - and officials have claimed that the sustained effort could have been used for espionage, the theft of intellectual property or for "use in times of tension".

In a first-of-its-kind joint statement, released on Tuesday, the officials said they had "high confidence" that Russian state-sponsored cyber actors "are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations".

"The current state of US and UK network devices, coupled with a Russian government campaign to exploit these devices, threatens our respective safety, security, and economic well-being," the statement went on to warn.

While it the extent of the attack remains unclear, Ciaran Martin, head of the UK's NCSC, noted that many of the machines targeted had been "seized by hackers", adding that hacks were being tracked by British intelligence from a year ago.

While the UK and US have been quick to point fingers in the direction of the Kremlin, the Russia Embassy has denied any involvement and has slammed the "accusations" as "striking examples of a reckless, provocative and unfounded policy against Russia".

In a statement given to Forbes, a Russian Embassy spokesperson rejected the claims: "We are disappointed by the fact that such serious claims have been made publicly, without any proof being presented and without any attempt by the UK to clarify the situation with the Russian side in the first place.

"Given that in recent days the British media, instigated by official statements, has again started to exploit the issue of 'cyber threats from Russia,' impression grows that the British public is being prepared for a massive cyber attack by the UK against Russia, that will purport to be of a retaliatory nature, but would in fact constitute unprovoked use of force.

"Russia is not planning to conduct any cyber attacks against the United Kingdom. We expect the British government to declare the same."

This so-called "accusation" comes just weeks after UK and US gov officials blamed Russia for the "devastating" the Notpetya ransomware attack that caused millions of pounds worth of damage across the globe, while Germany has pointed the finger of blame at Russia for an attack on the country's foreign ministry.