US/UK warn Russia to hack into global routers

On Monday, the British and American intelligence agencies issued another warning about potential cyber threats related to Russia. The special task force stated that this group of hackers has received the support of the Russian government in order to hijack the global router and may have achieved a certain degree of success. Attack targets include Internet service providers, governments, small businesses, and SOHO. The United States Computer Emergency Readiness Team (CERT) issued a warning that hackers appear to be trying to take over the network infrastructure.

A team of joint security experts from the US Department of Homeland Security (DHS), FBI, and the National Cyber Security Centre (NCSC) in the United Kingdom have discovered that they have enabled Generic Routing Encapsulation (GRA) on devices in certain countries, Cisco Smart Install (SMI), and Simple Network Management Protocol (SNMP). Forbes reports that Rob Joyce, special assistant to the president and cybersecurity coordinator at the National Security Council briefed the media ahead of the announcement stating with “high confidence” that Russia was behind the attacks.

Ciaran Martin, director of the NCSC in the UK, added that the attack dates back a year ago and does not rule out that Russia may try to use this hacked infrastructure to initiate further operations.

The CERT report points out that as a means of executing a man-in-the-middle attack, hackers intend to penetrate routers, switches, firewalls, and network intrusion detection systems.

Attack vectors used by hackers are old or vulnerable protocols related to network management on ports. According to the researchers, the attacker exploited the following flaws:

• devices with legacy unencrypted protocols or unauthenticated services,
• devices insufficiently hardened before installation, and
• devices no longer supported with security patches by manufacturers or vendors (end-of-life devices).

For more information on this report, please also visit the CERT website.

Source: TechSpot

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.