US and UK team up to fight Russian IP theft
The US and the UK have joined forces in an effort to fight “worldwide cyber exploitation of network infrastructure devices” from Russian-sponsored hackers.
The technical alert (TA) is a joint initiative from the US’s Department of Homeland Security, the FBI and the UK’s National Cyber Security Centre.
According to Homeland Security’s Computer Awareness Readiness Team—whose mission is to reduce cyber security challenges—the main targets of Russia’s cyber exploitation are government and private-sector organisations, critical infrastructure providers, and the internet service providers that support these sectors.
The FBI said it is confident that Russian state-sponsored “cyber actors” use compromised routers to conduct “man-in-the-middle” attacks on these organisations. The attacks are allegedly designed to support Russian espionage, to extract IP information, and to maintain access to the victims’ networks, allowing the hackers to potentially conduct future operations.
“Cyber actors” have been exploiting a large number of international routers since 2015, after the US government received information from multiple sources, said the press release.
“The US government assesses that cyber actors supported by the Russian government carried out this worldwide campaign,” it said.
“These operations enable espionage and IP that supports the Russian Federation’s national security and economic goals.”
Those committing the cyber theft do not need to install malware to exploit the devices. Rather, they take advantage of devices that are insufficiently hardened before installation and those that are not supported with security patches by manufacturers. This allows for “intermittent and persistent” access to IP and information that supports the health and safety of the US population, the release said.
The TA outlined a number of mitigation strategies to avoid falling foul of cyber theft.
For example, it advised that organisations should not use unencrypted management tools. Where an encrypted protocol is not possible, management activities from outside the organisation should be implemented through an encrypted virtual private network.