The U.S., U.K. and Australia have all accused Russia of being behind the mass hacking of computer networks around the world since 2017. Russian state-sponsored hackers are using the attacks to conduct espionage and to steal intellectual property, the countries said.
This is the second time this year that the U.S. and U.K. have attributed cyberattacks on Russia, following their unprecedented attribution in February of last year’s extremely expensive NotPetya attack. It is also the first time that British and American agencies have combined such an announcement with technical advice on countering the threat, aimed at organizations who might be affected.
The new announcement, which comes in the context of tensions over Syria, relates to attacks on government and private-sector organizations, as well as critical infrastructure providers. The Internet service providers serving these organizations were also targeted, according to a joint statement by the U.S.’s Federal Bureau of Investigation (FBI) and Department of Homeland Security, and the National Cyber Security Centre division of the U.K.’s GCHQ intelligence agency.
According to the Monday statement, Russian government hackers targeted networking equipment such as routers, switches and firewalls, as well as the systems that are intended to detect intrusion into networks.
“We condemn this latest activity in the strongest possible terms and we will not accept nor tolerate any malign foreign cyber operations, intrusions, or compromises—to include influence operations,” said Jeanette Manfra, the chief cybersecurity official at Homeland Security. “We call on all responsible nations to use their resources—including diplomatic, law enforcement, technical, and other means—to address the Russian cyber threat.”
In addition to casting blame, the agencies recommended that vulnerable organizations review network device logs and traffic data for telltale signs of the Russian intrusions, and they set out measures that firms can take to better protect themselves. They also advised equipment manufacturers not to design products that support outdated or unencrypted network protocols.
The Australian government joined its British and American allies on Tuesday in blaming Russia for the attacks. However, Australian cybersecurity minister Angus Taylor claimed there was “no indication Australian information has been successfully compromised.”
“Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity,” Taylor said in a statement. “This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cybersecurity practices.”