
Foreign hackers are looking to exploit vulnerabilities in Americans’ internet routers, and the FBI is offering tips for securing home and office routers after announcing the actions it took to crack down on a Russian hacking unit.

Last week, the FBI and Justice Department announced that they conducted a court-authorized operation to neutralize a U.S. portion of a network of small office/home office (SOHO) routers that were compromised by a unit within Russia’s Main Intelligence Directorate of the General Staff (GRU) Military Unit 26165.

The GRU used the routers to facilitate malicious Domain Name System (DNS) hijacking operations against worldwide targets of intelligence interest to the Russian government, including individuals in the military, government, and critical infrastructure sectors. They used known vulnerabilities to steal credentials for thousands of TP-Link routers, manipulating those routers’ settings to direct requests to GRU-controlled servers.

“The FBI has determined that Russian GRU cyber actors have compromised vulnerable routers in the U.S. and around the world, hijacking them to conduct espionage,” Brett Leatherman, assistant director of the FBI’s Cyber Division, told FOX Business. “Unsuspecting Americans in at least 23 states owned routers that were exploited by Russian military intelligence. Given the scale of this threat, the FBI conducted a court-authorized operation to disrupt the GRU’s access to compromised devices within the U.S.”


The operation involved collecting evidence from the compromised routers, resetting their DNS settings so that queries are no longer directed to the GRU’s DNS resolvers, and closing the original means of access so Russia could not exploit it again.

The government said in court documents that it extensively tested the operation on firmware and hardware for affected TP-Link routers, and other than blocking the GRU’s access, it didn’t impact the routers’ normal functionality or collect the legitimate users’ content information.



Leatherman said, “Along with that effort, the FBI, NSA, and international partners from 15 countries released a Public Service Announcement with technical information and defensive guidance. While rebooting your router can mitigate some threats, it will not address this one.”

The PSA encourages users of SOHO devices to replace end-of-life and end-of-support routers; upgrade to the latest available firmware; verify the authenticity of DNS resolvers listed in router settings; and review and implement firewall settings to prevent the unwanted exposure of remote management systems.
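One way to act on the “verify the authenticity of DNS resolvers” guidance above is a small audit that a network owner can run from a host behind the router. The script below is an added example, not code from the FBI, the PSA, or TP-Link. It assumes an operator-maintained allow-list of trusted resolvers, a resolv.conf-style listing of the resolvers a host is actually using, and canary-domain answers obtained separately from a trusted resolver and from the configured one (for instance with dig or nslookup). All sample inputs are constructed.

```python
"""Audit the DNS resolvers a host is using and look for hijacked answers.

Added example (not from the PSA or the vendor). Assumptions:
  * KNOWN_GOOD_RESOLVERS is an operator-maintained allow-list.
  * Resolver answers for canary domains are collected separately (dig/nslookup)
    and passed in as {domain: set(of A records)}.
"""
import ipaddress
import re

# Assumption: resolvers this network is expected to use. Edit for your ISP/setup.
KNOWN_GOOD_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# RFC 1918 / loopback / link-local ranges: a resolver here is usually the router
# itself forwarding upstream, so the router's own upstream DNS setting must be
# checked in its admin UI as well.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "::1/128", "fe80::/10")]


def parse_resolv_conf(text):
    """Return nameserver addresses from resolv.conf-style text, ignoring comments."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"nameserver\s+(\S+)$", line)
        if m:
            servers.append(m.group(1))
    return servers


def classify_resolver(addr, known_good=KNOWN_GOOD_RESOLVERS):
    """Classify one resolver: 'known-good', 'lan', 'unknown' (investigate) or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if addr in known_good:
        return "known-good"
    if any(ip in net for net in LAN_NETWORKS):
        return "lan"
    return "unknown"


def compare_answers(trusted, configured):
    """Return canary domains whose A records from the configured resolver differ
    from the trusted resolver's. Use domains with stable records as canaries;
    large CDNs legitimately return different addresses per resolver."""
    return sorted(d for d in trusted if configured.get(d) != trusted[d])


def audit(resolv_text, trusted_answers, configured_answers):
    """Combine both checks into one report dict."""
    resolvers = [(a, classify_resolver(a)) for a in parse_resolv_conf(resolv_text)]
    return {
        "resolvers": resolvers,
        "flagged_resolvers": [a for a, c in resolvers if c in ("unknown", "invalid")],
        "hijack_suspects": compare_answers(trusted_answers, configured_answers),
    }


# Constructed sample: a DHCP-issued config that picked up an unexpected resolver.
SAMPLE_RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 192.168.0.1
nameserver 203.0.113.7   # not on the allow-list
"""
# Constructed canary answers (documentation IP ranges, not real records).
TRUSTED_ANSWERS = {"example.com": {"192.0.2.10"}, "mail.example.net": {"192.0.2.20"}}
CONFIGURED_ANSWERS = {"example.com": {"192.0.2.10"}, "mail.example.net": {"203.0.113.9"}}

if __name__ == "__main__":
    report = audit(SAMPLE_RESOLV_CONF, TRUSTED_ANSWERS, CONFIGURED_ANSWERS)
    for addr, cls in report["resolvers"]:
        print(f"resolver {addr}: {cls}")
    print("flagged resolvers:", report["flagged_resolvers"])
    print("canary domains with mismatched answers:", report["hijack_suspects"])
```

A LAN-address resolver is not a clean bill of health on its own: it means the router is forwarding, so its upstream DNS entries (the setting the GRU manipulated) need the same allow-list comparison in the router’s admin interface. A canary mismatch is a reason to investigate, not proof of compromise, so pick canary domains whose records do not vary by resolver.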



Users are also encouraged to navigate to the official TP-Link website and review the documentation for their affected routers in the download center to learn about proper configurations. Additionally, they should ensure their routers are upgraded to the latest firmware and review the end-of-life products list to determine whether their routers should be replaced.

“We urge all owners of small office/home office (SOHO) routers to replace end-of-support devices, update to the latest firmware versions, change default usernames and passwords, disable remote management interfaces from the internet, and stay alert for certificate warnings in web browsers and email clients,” Leatherman said.

“Take the remediation steps outlined in our PSA, because defending our networks requires all of us,” he added.
