US, UK blame Russia for coordinated cyberattacks on internet devices worldwide

Senior U.S. and British officials on Monday blamed the Russian government for coordinated cyberattacks against internet infrastructure worldwide in an effort to conduct espionage and intellectual property theft. 

Officials said that Russian hackers have been conducting a months-long cyber campaign against network devices used by government organizations, private industry, critical infrastructure operators, and internet service providers. The hackers have tried to breach routers, switches and firewalls in an effort to breach organizations across the globe, officials said.

ADVERTISEMENT

White House cybersecurity coordinator Rob Joyce said that the hackers were likely conducting the attacks for spying purposes or intellectual property theft, but said the access could also be used to facilitate future offensive activity. 

“When we see malicious cyber activity, whether it be from the Kremlin or other nation-state actors, we are going to push back,” Joyce told reporters Monday.

Officials at the Department of Homeland Security, FBI and Britain’s National Cyber Security Centre conducted a joint investigation into the activity. Officials said that the attacks spanned several months, though noted that they do not have a full picture of the scope of the activity.

U.S. and British officials released an unprecedented joint technical alert on the malicious Russian activity Monday

.Officials said that Russia targeted “millions” of network devices as part of the coordinated campaign, including small office/home office routers and residential routers. It is unclear to what extent the attacks were successful, though officials noted they have confirmed some successful breaches.

“These devices actually make ideal targets,” said Jeanette Manfra, the top Homeland Security cybersecurity official. “When a malicious actor has access to this, they can monitor, modify, or deny traffic to an organization or from an organization externally.”

According to the technical alert, the hackers looked for security weaknesses in network devices that they could exploit in order to gain access. The methods allowed the hackers to intermittently and persistently access "U.S. critical infrastructure that supports the health and safety of the U.S. population," the alert says. 

Joyce said Monday that the Trump administration is prepared to use all elements of national power, including “offensive” capabilities, to push back on Russian attacks. 

Monday's move is part of a broader push by the Trump administration to call out Russia and other nation states for sponsoring malicious cyber activity. 

Earlier this year, the administration publicly blamed Moscow for the global notPetya malware attack, labeling it the most costly and destructive in history. The administration has also sanctioned Russia for alleged cyber activity, including interference in the 2016 presidential election, after coming under pressure from lawmakers who accused President Trump of going soft on Moscow.  

Homeland Security officials also revealed in March that Russian hackers staged a multiyear cyber campaign to infiltrate the U.S. energy grid and other critical infrastructure.  

The administration also blamed North Korea for the massive Wanna Cry cyberattack that crippled Britain's national health system last year. 

Joyce said that the attacks point to the broader vulnerability of the growing ecosystem of Internet-connected devices, often called the "internet of things," and the need for companies to take security into account when developing cutting-edge technologies. 

“This means building devices from the ground up to be secure by design,” Joyce said. 

This story was updated at 3 p.m.