FBI Urges Everyone to Reboot Routers Following Russian Cyber Attack

Screenshot from National Security Agency press release, "NSA Supports FBI in Highlighting Russian GRU Threats Against Routers"

Following the disruption of a cyber attack by Russian actors involving several small-office/home-office (SOHO) Wi-Fi routers, the FBI and U.S. Department of Justice are urging everyone to reset their routers.

According to a Public Service Announcement from the FBI: “Russian General Staff Main Intelligence Directorate (GRU) cyber actors are exploiting vulnerable routers worldwide to intercept and steal sensitive military, government, and critical infrastructure information.”

A press release from the Department of Justice states that Russian military hackers used several American home and office routers to “facilitate malicious Domain Name System (DNS) hijacking operations against worldwide targets of intelligence interest to the Russian government, including individuals in the military, government, and critical infrastructure sectors.”

“GRU actors compromised routers in the US and around the world, hijacking them to conduct espionage. Given the scale of this threat, sounding the alarm wasn’t enough,” stated Assistant Director Brett Leatherman of the FBI’s Cyber Division. “The FBI conducted a court-authorized operation to harden compromised routers across the United States. We urge all router owners to take the remediation steps outlined today, because defending our networks requires all of us. The FBI will continue to use its authorities to identify and impose costs on state-sponsored actors who target the American people.”

The FBI, NSA, and co-sealing agencies encourage SOHO router users to change default usernames and passwords, disable remote management interfaces from the Internet, update to the latest firmware versions, and upgrade end-of-support devices. Users should also carefully consider certificate warnings in web browsers and email clients.

Organizations with remote workers are also urged to review relevant online security policies and consider the use of virtual private networks (VPNs) or hardened application configurations.

The National Security Agency encourages Americans to read the following guidance to learn about best practices for home network security:
• “APT28 Exploit Routers to Enable DNS Hijacking Operations”
• “Best Practices for Securing Your Home Network”
• Edge Device Security
• “Reducing the Attack Surface for End-Of-Support Edge Devices”