Privacy News US and UK warn that Russia has been hacking routers worldwide

SumTingWong

Sources: 1) US and UK warn that Russia has been hacking routers worldwide
2) Russia accused of net hack attacks

This morning, reports surfaced that UK Prime Minister Theresa May has been briefed on a possible incoming Russian-based cyberattack that could lead to the release of compromising information about the country's lawmakers. But the threat has been expanded beyond gaining leverage on politicians. UK cyber intelligence agency NCSC, the FBI and the DHS have jointly accused Russian-based attackers of engaging in a campaign for months trying to compromise routers, switches and firewalls around the world to hijack the Internet's infrastructure.

State-sponsored Russian hackers are actively seeking to hijack essential internet hardware, US and UK intelligence agencies say.
The UK's National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security issued a joint alert warning of a global campaign.
The alert details methods used to compromise the networking equipment used to move traffic across the net.
This could be used to mount a future offensive, it warned.
In a press conference about the alert, White House cyber-security co-ordinator Rob Joyce said the US and its allies had "high confidence" that Russia was behind the "broad campaign".
Intelligence gathered by the US and UK suggested that millions of machines directing data around the net were being targeted, he said.
Compromised devices were used to look at data passing through them, added Mr Joyce. Attackers also sought to undermine the firewalls and intrusion detection systems organisations used to spot malicious traffic before it reached users.
 

LASER_oneXM

A joint alert issued by the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom's National Cyber Security Centre (NCSC) warns that Russian state-sponsored cyber actors are actively targeting home and enterprise routers.
US and UK officials say Russian state-sponsored hackers have been historically targeting Internet routing equipment in order "to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations."

Routers targeted because they're easy to hack
Authorities have been tracking attacks dating back to 2016, a joint Technical Alert (TA) published on the US-CERT website today revealed.
"Network devices are ideal targets," the alert reads. "Most or all organizational and customer traffic must traverse these critical devices. A malicious actor with presence on an organization’s gateway router has the ability to monitor, modify, and deny traffic to and from the organization."
"Whoever controls the routing infrastructure of a network essentially controls the data flowing through the network," officials warned.

Hacks leveraged default creds, misconfigured devices, old flaws

At the technical level, attacks varied in methodology, scope, and purpose. Officials said Russian actors have exploited routers with outdated firmware, weak credentials, and misconfigured features to gain a foothold on vulnerable devices.
Hacked devices ranged from small home routers to ISP-grade routers and firewalls, with attackers trying to hoard as many systems as possible.
Attack vectors include Telnet, TFTP, SNMP, and SMI: protocols often found on routers, known to include vulnerabilities and easy-to-botch configuration options.
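Added example, not part of either post or of the alert itself: a small audit that scans a router configuration for the exposures named above (Telnet, TFTP, default SNMP community strings, Smart Install, weak credential storage). The sample configuration is constructed, and the patterns assume Cisco IOS-style syntax on a device that supports Smart Install.

```python
import re

# Constructed Cisco IOS-style running-config for illustration only.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
enable password cisco
snmp-server community public RO
snmp-server community N0tD3fault RO 10
tftp-server flash:backup.cfg
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# One per-line check for each exposure named in the post. The patterns are
# assumptions about IOS syntax and are not an exhaustive hardening baseline.
LINE_CHECKS = [
    ("enable-password", re.compile(r"^enable password\s")),  # use 'enable secret'
    ("snmp-default-community",
     re.compile(r"^snmp-server community (public|private)\b", re.I)),
    ("tftp-server", re.compile(r"^tftp-server\s")),
    ("telnet-enabled", re.compile(r"^\s*transport input\b.*\b(telnet|all)\b")),
]

def audit(config):
    """Return a list of (line_number, finding, detail) tuples."""
    findings = []
    for num, line in enumerate(config.splitlines(), start=1):
        for name, pattern in LINE_CHECKS:
            if pattern.search(line):
                findings.append((num, name, line.strip()))
    # Config-level check: Smart Install (SMI) stays on unless 'no vstack'
    # is present. Assumption: the device supports Smart Install at all.
    if not re.search(r"^no vstack\s*$", config, re.M):
        findings.append((0, "smart-install-not-disabled", "missing 'no vstack'"))
    return findings

if __name__ == "__main__":
    for num, name, detail in audit(SAMPLE_CONFIG):
        print(f"line {num}: {name}: {detail}")
```

A line number of 0 marks a finding about the configuration as a whole, not a single line.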
 
