Reflecting the current, evolving threat posed to both public and private sector organisations in cyber space, on 16th April 2018 the United Kingdom and United States published a joint Technical Alert concerning malicious cyber activity carried out by the Russian Government.
The UK National Cyber Security Centre (NCSC), US Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) warned that the Russian Government was carrying out a number of offensive cyber activities, primarily targeting government and private-sector organisations, critical infrastructure providers, and the internet service providers (ISPs) supporting these sectors. These malign activities had a range of desired outcomes, including using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.
As highlighted by Ciaran Martin, CEO of the NCSC, Russia is the UK’s most capable cyber adversary and that this joint alert represents the first time the UK and US have jointly attributed responsibility to Russia, whilst providing practical advice to allow industry to mitigate the risks posed. Given the wide range of potential targets and associated risks, it is recommended that anyone who considers that they may be a potential target of such activities consult the NCSC website for further information, which is available here. This website also contains the technical details and mitigation strategies as outlined by the UK and US Governments. Any UK company who detects malicious activity should report it to the NCSC and other relevant law enforcement agencies.