U.S. and Britain warn businesses worldwide of Russian campaign to hack routers

U.S. and British officials say millions of users worldwide have been targeted by a Russian campaign to compromise computer routers and firewalls for espionage and possibly sabotage purposes.
(Elise Amendola / Associated Press)

The U.S. and British governments on Monday accused Russia of conducting a massive campaign to compromise computer routers and firewalls around the world — from home offices to internet service providers — for espionage and possibly sabotage purposes.

The unusual public warning from the White House, U.S. agencies and Britain’s National Cyber Security Center results from monitoring the threat for more than a year. It was the two countries’ first such joint alert.

“We have high confidence that Russia has carried out a coordinated campaign to compromise ... routers, residential and business — the things you and I have in our home,” said Rob Joyce, the White House cybersecurity coordinator.

Officials say millions of users worldwide have been targeted.


“We condemn the actions and hold the Kremlin responsible for the malicious activities,” said Jeannette Manfra, the chief cybersecurity official for the Department of Homeland Security.

The move is unrelated to the administration’s recent strikes in Syria, which Russia condemned. Rather it is part of a broader ongoing effort by the U.S. government to call out bad behavior in cyberspace and impose costs as a deterrent.

“When we see malicious cyberactivity, whether it be from the Kremlin or other malicious actors, we’re going to push back,” Joyce said.

The U.S. and British governments jointly tracked the latest campaign, which has targeted millions of machines globally, said Ciaran Martin, chief executive of Britain’s NCSC, the government’s central cybersecurity agency.


The aim seems to be to “seize control” over the machines that connect networks to the internet and, in the case of Internet providers, to gain access to their customers for espionage or other purposes, he said.

These network devices make “ideal targets,” Manfra said. Most traffic within a company or between organizations traverses them. So a hacker can monitor, modify or disrupt it, she said. And they’re usually not secured at the same level as a network server.

“Once you own the router, you own the traffic that’s traversing the router,” she said.

The agencies, which include the FBI, do not know how many routers, firewalls and switches have been compromised and to what extent. They are seeking the cooperation of home-office and private-sector business owners in sharing information if they determine their networks have been compromised.


Monday’s announcement is the latest in a series of related moves by the Trump administration, which in recent months has publicly blamed Russia for launching the NotPetya worm that has been characterized as the costliest and most damaging cyberattack in history. It also recently publicized that Russia had targeted the U.S. energy grid with computer malware and slapped fresh sanctions on Russian hackers for illicit cyberactivity.

The U.S. government also has obtained indictments against Iranian hackers and accused North Korea of being behind the WannaCry computer worm that affected more than 230,000 computers around the world.