Russia has denied accusations from the United States and Britain that its agents have planted malware on key components of the internet to spy on rivals, steal trade secrets and potentially launch cyber attacks.
- US and Britain have “high confidence” in the finding of Russian-sponsored cyber-meddling
- Compromised routers can be exploited for “man-in-the-middle” spoofing attacks
- Affected users urged to take action to harden poorly secured devices
A Kremlin spokesman called the claim unfounded and “feeble”.
In a joint statement on Monday (local time), the US Department of Homeland Security, the FBI and the UK’s National Cyber Security Centre said the main targets in the alleged tampering of routers and other networking equipment included “government and private-sector organisations,” as well as providers of “critical infrastructure” and internet service providers.
“Victims were identified through a coordinated series of actions between US and international partners,” according to a companion technical alert issued by the US Computer Emergency Response Team (US-CERT).
Both nations have “high confidence” in the finding of Russian-sponsored cyber-meddling, which the alert said had been reported by multiple sources since 2015.
Australia also admonished Russia and accused Kremlin-backed hackers of cyberattacks on hundreds of Australian companies last year.
US cybersecurity researcher Jake Williams said it was difficult for him to understand the motivation for Monday’s alert given that “the activity has been ongoing for some time”.
“Calling the Russians out on this hardly makes much sense unless there’s some other agenda (most likely political),” said Mr Williams, the president of Rendition Infosec.
In Moscow, Kremlin spokesman Dmitry Peskov called the accusations groundless.
“We don’t know what these accusations are based on,” he told reporters.
“Such accusations are typically thrown into the air and no one even bothers to offer any arguments [proof] anymore.
“We think such feeble accusations have lost all meaning.”
Routers direct data traffic across the internet. US-CERT said the compromised routers could be exploited for “man-in-the-middle” spoofing attacks, in which communications are intercepted by a seemingly trusted device that has actually been infiltrated by an attacker.
“The current state of US network devices — coupled with a Russian Government campaign to exploit these devices — threatens the safety, security, and economic well-being of the United States,” the alert stated.
Users urged to secure devices
Cybersecurity experts say the kinds of exploits described in the US-CERT alert are commonly practiced by all nations engaged in offensive cyberespionage, including the US, Britain and Australia.
US-CERT urged affected companies, public sector organisations and even people who use routers in home offices to take action to harden poorly secured devices.
But its alert cited only one specific product: Cisco’s Smart Install software.
Australian Defence Minister Marise Payne told reporters approximately 400 Australian companies were targeted in the hacking but there was no “exploitation of significance”.
On March 15, US-CERT issued a similar alert saying the FBI and DHS had determined that Russian Government “cyber actors” had sought to infiltrate US agencies as well as “organisations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors”.
It said Russian agents had obtained “remote access” to energy sector networks and obtained information on industrial control systems.
Experts have stressed that the March 15 bulletin did not mean Russia had obtained access to systems that control critical infrastructure such as the power grid.
But Russia does have history in this regard, as many security experts blame it for several cyber-sabotage attacks on Ukraine’s power grid.