UK, US and Australia accuse Russia of targeting network infrastructure

The US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have released a joint Technical Alert (TA18-106A) about Russian state-sponsored cyber actors targeting network infrastructure devices. The attack targeted routers, switches, firewalls, and the Network Intrusion Detection System (NIDS) of government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors. It is linked to the Cisco Smart Install Client misuse, reported earlier. According to the alert, FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations. The Australian authorities also joined the US and the UK in the allegations.