The Finnish Security and Intelligence Service (SUPO) and the National Cyber Security Centre (NCSC-FI) of Traficom warned people in Finland about Russia’s practice of exploiting poorly secured home routers and other network devices for cyber espionage, said SUPO in a press release on Wednesday.
An international joint operation by authorities has successfully disrupted cyber espionage activity by Russia’s military intelligence service GRU by preventing the use of a global cyber espionage network made up of compromised network devices.
From Finland, the SUPO and the NCSC-FI took part in the operation led by the United States Federal Bureau of Investigation (FBI).
A cyber threat actor linked to the GRU, also known as APT28, Fancy Bear and Forest Blizzard, has in recent years made extensive use of poorly secured home routers as part of its global cyber espionage infrastructure.
The international joint operation targeted TP-Link routers compromised by the GRU that had not been patched against vulnerability CVE-2023-50224.
This vulnerability allows an attacker to send a request to the device that reveals passwords or keys stored on it, thereby enabling the attacker to take control of the device.
The GRU has used compromised network devices to spy on device users by modifying the devices’ domain name system (DNS) settings. This has enabled adversary-in-the-middle attacks and the decryption of encrypted network traffic.
Compromised network devices have also been used as part of an operational security (OPSEC) infrastructure, which both disguises cyber espionage traffic as ordinary network traffic and makes it more difficult to detect, identify and trace the perpetrator.
The GRU’s interests have included non-disclosable information relating to military activities, central government and critical infrastructure.
In Finland, SUPO and the NCSC-FI worked together to counter cyber threats targeting Finland and carried out via Finland.
During the joint operation, the authorities informed the owners of at-risk routers, cleaned devices that the GRU had the capability to compromise and blocked the GRU’s access to the devices in cooperation with their owners.
However, Russian intelligence services pose a continuous and long-term intelligence and cyber threat to Finland, and disabling a single network of compromised devices does not remove the threat.
The authorities warned that Russia is using poorly secured internet-connected network devices worldwide to gather intelligence. The purpose of the warning is to encourage device owners and cybersecurity professionals to reduce the opportunities for online espionage through their own actions.
A poorly secured router can, without the owner’s knowledge, enable cyber espionage or other malicious activity.
People in Finland were urged to improve network security by taking care of their own network devices.
The authorities also suggested that devices, applications and software should be kept up to date and updates should be installed regularly.
- Home
- Router
- Hacking
- Russia
- Warned
Source: www.dailyfinland.fi
