The White House, FBI, Department of Homeland Security and British officials announced Monday that Russian state-sponsored actors targeted millions of internet routers in the United States, the United Kingdom and worldwide.
US and UK officials said that they have “high confidence” that cyber actors supported by the Russian government have carried out a coordinated campaign to gain access to these routers.
“It provides basic infrastructure that they can launch from,” one top U.S. official said.
The “purpose of these attacks could be espionage, it could be the theft of intellectual property, and of course, it could be pre-positioning for use in times of tension,” said Ciaran Martin, Chief Executive of the UK’s National Cyber Security Centre (NCSC).
The operation targeted government and private organizations, including even small businesses and residential homes, and also allowed the Russian-sponsored actors to go after “high-value targets,” an official said.
Officials from the U.S. and U.K. said that for nearly a year now they have been investigating the massive cyber hacking of routers found in homes and business across the U.S. and U.K.
“This is a global threat,” said top DHS official, Jeanette Manfra. “Once you own the router, you own the traffic.”
This type of attack allows hackers to monitor modify and deny traffic; and it allows them to harvest credentials and passwords of unsuspecting users, explained officials.
The operation involved a “sustained targeting of multiple entities” over several months, said Martin.
Specifically, the hackers were exploiting default passwords on users’ routers, and exploiting unsecured devices in homes and business.
One way to protect against this is for Americans and others to change the passwords on their routers, the officials said. The FBI said it is asking the public for help to “remediate” these vulnerabilities, and the Trump administration’s cyber czar, Rob Joyce, said the U.S. government needs the public’s help to “undercut the Russian capability to use this as a tool against the world.”
This is the first time that the U.S. and U.K. governments have issued a joint bulletin on this matter.