UK, US and Australia accuse Russia of targeting network infrastructure
The US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have released a joint Technical Alert (TA18-106A) about Russian state-sponsored cyber actors targeting network infrastructure devices. The attack targeted routers, switches, firewalls, and the Network Intrusion Detection System (NIDS) of government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors. It is linked to the Cisco Smart Install Client misuse, reported earlier. According to the alert, FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations. The Australian authorities also joined the US and the UK in the allegations.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.