Cybersecurity officials from the United States and Britain issued a rare joint technical alert Monday, accusing Russia of engaging in malicious activity to support espionage or steal intellectual property.
The alert is a response to attacks that have targeted millions of private and government computer networks worldwide — through equipment like routers, switches and firewalls, the U.S. Department of Homeland Security, FBI and Britain’s National Cyber Security Centre said in a joint statement.
“FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations,” the alert states.
FBI Deputy Asst. Director Howard Marshall said the alert underscores the United States’ commitment to fighting malicious cyber activity.
“The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government,” Marshall said Monday. “As long as this type of activity continues, the FBI will be there to investigate, identify and unmask the perpetrators, in this case, the Russian government.”
Jeanette Manfra, DHS assistant secretary for cybersecurity, said the alert is a “call for all responsible nations to use their resources — including diplomatic, law enforcement, technical, and other means — to address the Russian cyber threat.”
“Russian government activities continue to threaten our respective safety, security, and the very integrity of our cyber ecosystem,” she said. “We condemn this latest activity in the strongest possible terms.
“We will not accept nor tolerate any malign foreign cyber operations, intrusions, or compromises.”
Officials have encouraged companies and individuals to protect their equipment by changing passwords and configuring devices to prevent them from being hijacked.
Anyone who finds signs of the malicious activity described in the joint alert is encouraged to report them to the DHS National Cybersecurity and Communications Integration Center, FBI or NCSC.
By Susan McFarland