HeadlinesBriefing favicon HeadlinesBriefing.com

US Warns Russian Hackers Targeting Home Routers

Ars Technica •
×

The federal government is warning users of home and small office routers to secure their devices as Russian Federal Security Service (FSB) Center 16 cyber actors continue to mass-compromise them for use in obscuring nefarious actions against sensitive organizations. Both the Russian and Chinese governments have been compromising routers for years, sometimes in prolonged tugs-of-war to wrest control of devices the other has already commandeered.

CISA said Monday that Russian hacking groups tracked as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra exploit poorly configured networking devices worldwide, opportunistically compromising critical infrastructure sector networks. The advisory was co-issued by governments including Australia, Denmark, New Zealand, and the UK.

The primary means of compromise involves hackers scanning IP ranges with active SNMP agents that accept common or default authentication credentials. These scans are run by the very router botnets the actors are trying to enroll targeted devices in. By sending malicious traffic from spoofed addresses, hackers use the SNMP agent on poorly configured routers to run malware.

Google and other companies have worked to disrupt massive botnets controlling compromised routers, but operators simply replace botnets with new ones in a whack-a-mole exercise.