United States and United Kingdom officials said on Monday that state-sponsored actors from Russia are behind a cyberattack that targets “network infrastructure devices” such as government and private-sector organizations and internet service providers (ISPs).
“FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations,” the United States Computer Emergency Readiness Team (US-CERT) said in a statement.
The “malicious cyber activity” is referred to as “Grizzly Steppe” by U.S. officials.
In a joint conference call, White House cybersecurity coordinator Rob Joyce directly blamed Russia for the attacks and said there would be retaliation, according to the Guardian.
“We are pushing back and we are pushing back hard,” he said.
U.S. officials said they have been receiving information about “cyber actors” exploiting routers and switches across the globe since 2015 and determined it to be carried out by the Russian government. The attacks can extract passwords, intellectual property and other information, according to ArsTechnica.
“These operations enable espionage and intellectual property that supports the Russian Federation’s national security and economic goals,” US-CERT wrote.
The alert from US-CERT warned that network devices are “ideal targets” that could allow people to monitor, modify, and deny traffic from the device.
You can read all of US-CERT’s alert about Grizzly Steppe here.