Statement from Russian malicious cyber activity

“This is yet another example of Russia’s disregard for international norms and global order – this time through a campaign of cyber espionage and aggression, which attempts to disrupt governments and de-stabilise business.

“The attribution of this malicious activity sends a clear message to Russia – we know what you are doing and you will not succeed.

“This Government will stand steadfast alongside its allies to counter this threat and our world-leading experts at the National Cyber Security Centre will continue to strengthen our cyber security capabilities and protect UK interests.”

JOINT US-UK STATEMENT:

Today, the US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government.

The targets of this malicious cyber activity are primarily government and private-sector organisations, critical infrastructure providers and the Internet Service Providers (ISPs) supporting these sectors.

Specifically, these cyber exploits were directed at network infrastructure devices worldwide such as routers, switches, firewalls, Network Intrusion Detection System (NIDS).

Network device vendors, Internet Service Providers (ISPs), public sector organisation, private sector corporations and small office home office (SOHO) customers should read this report and act on the recommended mitigation strategies.

This alert contains indicators of compromise (IOCs), technical details on the tactics, techniques and procedures (TTPs) and contextual information regarding observed behaviours on the networks of compromised victims.

Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations. Multiple sources including private and public-sector cybersecurity research organisations and allies have reported this activity to the US and UK governments.

The current state of US and UK network devices, coupled with a Russian Government campaign to exploit these devices, threatens our respective safety, security, and economic well-being.

Ciaran Martin, CEO of the National Cyber Security Centre said:

“Russia is our most capable hostile adversary in cyberspace so dealing with their attacks is a major priority for the National Cyber Security Centre and our US allies.

“This is the first time that in attributing a cyber attack to Russia the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from attacks. It marks an important step in our fight back against state-sponsored aggression in cyberspace.

“For over twenty years, GCHQ has been tracking the key Russian cyber-attack groups and today’s joint UK-US alert shows that the threat has not gone away. The UK government will continue to work with the US, other international allies and industry partners to expose Russia’s unacceptable cyber behaviour, so they are held accountable for their actions.

“Many of the techniques used by Russia exploit basic weaknesses in network systems. The NCSC is leading the way globally to issue advice and automate defences at scale to remove those basic attacks, thereby allowing us to focus on the most potent threats.”