Russian Cyber Actors use compromised routers according to NSA
On February 27, the National Security Agency (NSA) announced that it has joined the Federal Bureau of Investigation (FBI) and other partners to publish a Cybersecurity Advisory (CSA), “Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations,” outlining observed tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and mitigation recommendations for EdgeRouter users and other network defenders.
The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, also known as APT28, Fancy Bear, and Forest Blizzard, has used compromised Ubiquiti EdgeRouters to harvest credentials, collect digests, proxy network traffic, and host spearphishing landing pages and custom tools. Academic and research institutions, embassies, defense contractors, and political parties are among the victims.
“No part of a system is immune to threats,” said Rob Joyce, NSA’s Director of Cybersecurity. “As we have seen, adversaries have exploited vulnerabilities in servers, in software, in devices that connect to systems, in user credentials, in any number of ways. Now, we see Russian state-sponsored cyber actors abusing compromised routers and we are joining this CSA to provide mitigation recommendations.”
Ubiquiti EdgeRouters have a user-friendly, Linux-based operating system that makes them popular among both consumers and malicious cyber actors. The devices often ship with default credentials and have limited firewall protections. Additionally, EdgeRouters will not automatically update their firmware unless configured by the consumer.
Recommended mitigations in the CSA include performing a hardware factory reset, upgrading to the latest firmware version, changing any default usernames and passwords, and implementing strategic firewall rules on WAN-side interfaces.
Source: NSA
Stay in the know with breaking news from across the IC and IC contracting landscape by becoming a paid subscriber to IC News. Your support makes our work possible.