National Cyber Security Centre
Joint US - UK statement on malicious cyber activity carried out by Russian government
The NCSC, FBI and DHS have issued a joint Technical Alert about malicious cyber activity carried out by the Russian Government.
Yesterday, the U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) released a joint Technical Alert about malicious cyber activity carried out by the Russian Government.
The targets of this malicious cyber activity are primarily government and private-sector organisations, critical infrastructure providers, and the internet service providers (ISPs) supporting these sectors.
Specifically, these cyber exploits are directed at network infrastructure devices worldwide such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS).
Network device vendors, ISPs, public sector organisations, private sector corporations and small-office/home-office customers should read the alert (TA18-106A) and act on the recommended mitigation strategies. The alert contains indicators of compromise, technical details on the tactics, techniques and procedures (TTPs), and contextual information regarding observed behaviors on the networks of compromised victims.
Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations. Multiple sources, including private and public-sector cyber security research organisations and allies, have reported this activity to the U.S. and UK governments.
Jeanette Manfra, National Protection and Programs Directorate (NPPD) Assistant Secretary for Cybersecurity and Communications yesterday said:
“Russian government activities continue to threaten our respective safety, security, and the very integrity of our cyber ecosystem. We condemn this latest activity in the strongest possible terms and we will not accept nor tolerate any malign foreign cyber operations, intrusions, or compromises —to include influence operations. We call on all responsible nations to use their resources—including diplomatic, law enforcement, technical, and other means—to address the Russian cyber threat.
“Through information sharing programs like Automated Indicator Sharing (AIS), we are building the capacity for collective defense to minimize threats between U.S. and UK network devices. While DHS cannot protect every network at all times, we can ensure that we are all collectively empowered to secure our networks through government and industry working together.
“Cyber security is a shared responsibility, and we understand that identifying a threat in one organisation’s network can prevent an attack in another. Yesterday’s joint Technical Alert is an example of how we are working with allies and partners to prevent cyber actors from impacting critical infrastructure to the fullest extent possible. Although this is the first time the NCSC is included as an author in a DHS and FBI joint product, our collaborative work has proved useful and effective in response to previous cyber related events. I look forward to continuing this important partnership as we work against these threats.”
Howard Marshall, FBI Deputy Assistant Director yesterday said:
"The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government.
"As long as this type of activity continues, the FBI will be there to investigate, identify and unmask the perpetrators, in this case, the Russian government. The joint Technical Alert released today underscores our commitment to working with our partners, both at home and abroad, to combat malicious cyber activity and hold those responsible accountable. We do not make this attribution lightly and will hold steadfast with our partners."
Ciaran Martin, CEO of the National Cyber Security Centre yesterday said:
“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority for the National Cyber Security Centre and our U.S. allies. This is the first time that in attributing a cyber attack to Russia the U.S. and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.
“For over twenty years, GCHQ has been tracking the key Russian cyber attack groups and today’s joint UK-U.S. alert shows that the threat has not gone away. The UK government will continue to work with the U.S., other international allies and industry partners to expose Russia’s unacceptable cyber behaviour, so they are held accountable for their actions.
“Many of the techniques used by Russia exploit basic weaknesses in network systems. The NCSC is leading the way globally to automate defences at scale to take away some of those basic attacks, thereby allowing us to focus on the most potent threats.”
Anyone who finds signs of the malicious activity described in TA18-106A is encouraged to report them to DHS’s National Cybersecurity and Communications Integration Center (NCCIC), FBI, NCSC or law enforcement immediately.
Latest News from
National Cyber Security Centre
Statement: Marriott International data breach03/12/2018 14:15:00
The latest NCSC statement following reports of a data breach affecting Marriott International
GCHQ and the NCSC publish the UK Equities Process30/11/2018 11:15:00
GCHQ, and the National Cyber Security Centre, have a proud history of discovering and disclosing security weaknesses in all manner of technologies.
Top tips to shop safe online on Black Friday published as the NCSC encourages public to have a ‘cyber chat’23/11/2018 16:05:00
The NCSC is encouraging the public to have a 'cyber chat' to shop safely online during Black Friday.
NCSC to discuss drives to help cyber security thrive in Scotland23/11/2018 09:15:00
Security experts take part in multi-agency meetings to help cyber security thrive in Scotland.
Innovative cyber ideas chosen to benefit from NCSC Accelerator programme21/11/2018 09:15:00
The NCSC's Cyber Accelerator programme has announced the companies making up its third cohort.
NCSC’s advice in response to the increase in sextortion scams02/11/2018 12:15:00
Advice from the National Cyber Security Centre in response to the increase in sextortion scams.
Ciaran Martin's speech at the Annual Review 2018 launch17/10/2018 11:42:00
Ciaran Martin speaking at the launch event for the 2018 Annual Review (16th October)
NCSC deals with 1,100 cyber attacks in first two years17/10/2018 09:15:00
On its second anniversary, the NCSC has revealed it has defended the UK from an average of more than 10 attacks per week.