Russian Hackers Mass-Exploit Routers in Homes, Govs, and Infrastructure
This is why you should:
- Use the most secure settings you can operate under
- Regularly and automatically check for router updates
- Periodically and actively check and review your router config
- Once a quarter, slag your router down to factory defaults and re-patch the IOS to current
- Perform periodic pen tests
- Do a weekly cold boot PM
Hackers working on behalf of the Russian government are compromising large numbers of routers, switches, and other network devices belonging to governments, businesses, and critical-infrastructure providers, US and UK officials warned Monday.
The Russian government-sponsored actors are using the compromised devices to perform man-in-the-middle attacks that extract passwords, intellectual property, and other sensitive information and to lay the groundwork for potential intrusions in the future, the officials continued. The warning was included in a technical alert jointly issued by the US Department of Homeland Security and FBI and the UK’s National Cyber Security Center.
“Since 2015, the US government received information from multiple sources—including private- and public-sector cybersecurity research organizations and allies—that cyber actors are exploiting large numbers of enterprise-class and SOHO/residential routers and switches worldwide,” Monday’s technical alert stated. “The US government assesses that cyber actors supported by the Russian government carried out this worldwide campaign. These operations enable espionage and intellectual property that supports the Russian Federation’s national security and economic goals.”