The United States and United Kingdom joined forces in an unprecedented move on April 16 to warn that Russian cyberattacks are being launched against the network infrastructure of government and private business users. It was the first time the U.S. and U.K. governments have “issued joint advice to all sectors that might have been compromised,” the Guardian reports.
In the warning, formally called a joint Technical Alert, the Department of Homeland Security, FBI and the U.K.’s National Cyber Security Centre say that Russian state-sponsored cyberactors are engaged in a “worldwide cyber exploitation” of network infrastructure devices, such as routers, switches, firewalls and Network-based Intrusion Detection System devices. The targets are primarily government and private-sector organizations, critical infrastructure providers, and the internet service providers supporting these sectors, according to the warning.
The warning also came a month after DHS and the FBI reported that they had determined that “Russian government cyberactors” had launched “a multi-stage intrusion campaign” that targeted the networks of small commercial facilities in the energy and other critical infrastructure sectors.
The new warning provides technical details on the nature of the attacks and steps that agencies and organizations can take to mitigate their vulnerabilities. Top American and British cybersecurity officials also warned about potential retaliation if any damage has been done.
“When we see malicious cyberattacks, whether from the Kremlin or other nation-state actors, we are going to push back,” Rob Joyce, a special assistant to the president and the cybersecurity coordinator for the National Security Council, said in joint conference call with journalists by senior officials in Washington and London, according to the New York Times. That would include “all elements of U.S. power available to push back against these kinds of intrusions,” he added, including “our capabilities in the physical world.”
Jeanette Manfra, the assistant secretary for the office of cybersecurity and communications at DHS' National Protection and Programs Directorate, and other officials said on the call that agencies need to make sure their router software is patched and up-to-date. “Once you own the router, you own the traffic,” she said on the call, Bloomberg News reports.
According to the Guardian, Ciaran Martin, the chief executive of the NCSC, which works closely with the surveillance agency GCHQ, said: “This is a very significant moment as we hold Russia to account.”