UK and US warn of Russia cyber attacks in a joint statement
BRITAIN and the United States have issued an unprecedented formal warning about “malicious cyber activity” by the Russian government.
The UK National Cyber Security Centre (NCSC) joined with the FBI and US Department of Homeland Security to issue a joint “technical alert” setting out the threat to industry.
It warns Russian state-sponsored actors are using “compromised routers” to conduct spoofing “man-in-the-middle” attacks to “support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations”.
A joint UK-US statement said “multiple sources” – including private and public sector cyber security research organisations and allies – had reported such activity to the US and UK governments.
It said the current state of US and UK network devices, coupled with a Russian government campaign to exploit these devices, “threatens our respective safety, security, and economic wellbeing”.
NCSC chief executive Ciaran Martin said: “Russia is our most capable hostile adversary in cyberspace, so dealing with their attacks is a major priority for the National Cyber Security Centre and our US allies.
“This is the first time that, in attributing a cyber attack to Russia, the US and the UK have at the same time issued joint advice to industry about how to manage the risks from attacks.
“It marks an important step in our fight back against statesponsored aggression in cyberspace. For over 20 years, GCHQ has been tracking the key Russian cyber attack groups and today’s joint UK-US alert shows that the threat has not gone away.
“The UK Government will continue to work with the US, other international allies and industry partners to expose Russia’s unacceptable cyber behaviour so they are held accountable for their actions.
“Many of the techniques used by Russia exploit basic weaknesses in network systems. The NCSC is leading the way globally to issue advice and automate defences at scale to remove those basic attacks, thereby allowing us to focus on the most potent threats.”
The joint statement said the targets of attacks have been primarily government and private sector organisations, critical infrastructure providers and the internet service providers (ISPs) which support these sectors. Specifically, it said they had been directed at network infrastructure devices worldwide such as routers, switches, firewalls and network intrusion detection systems (NIDS).
> Ciaran Martin