Newsletter IconFacebook IconX IconThreads IconInstagram IconYouTube IconPinterest Icon
Giveaway: Win an NZXT H6 RGB+ Case, Kraken Elite AIO, RGB Fans and 1200W PSU

Your Wi-Fi router could be helping Russian hackers, confirms US government in new warning

US agencies warn that Russia's state-backed hackers are actively compromising home and small business routers worldwide in an ongoing cyber campaign.

Your Wi-Fi router could be helping Russian hackers, confirms US government in new warning
Comments
Tech and Science Editor
Published
1 minute & 15 seconds read time
TL;DR: US and allied agencies warn Russian state-backed hackers (Energetic Bear, Dragonfly, Static Tundra) are exploiting misconfigured or vulnerable home and small-business routers worldwide to gain persistent access, mask activity, and launch attacks on sectors like communications, defense, finance, and government; users should change default passwords, update firmware, monitor DNS, disable SNMP and Cisco Smart Install, and use encrypted passwords.
Voice: Jak Connor
0:00 / 2:10
Use left and right arrow keys to seek audio.

Federal agencies have issued a stark warning to the public about Russia's state-backed hackers actively attempting to compromise home and small-business routers.

Your Wi-Fi router could be helping Russian hackers, confirms US government in new warning 2

According to the Cybersecurity and Infrastructure Security Agency (CISA), Russian cyber actors including groups tracked as Energetic Bear, Dragonfly, and Static Tundra are exploiting misconfigured or vulnerable networking devices to gain persistent access. These groups use compromised routers to mask their activities and launch further attacks once access has been gained. The advisory was co-issued with partners in Australia, Denmark, New Zealand, and the UK, as authorities have discovered these efforts are global and not just targeting the United States.

Russian and Chinese state actors have been attempting to infiltrate and compromise devices for many years now, and in some instances their efforts have paid off as critical infrastructure has been compromised and data has been extracted. While agencies like the FBI have temporarily disrupted botnets by resetting DNS settings, attackers simply rebuild their networks.

According to CISA, once a device has been compromised, the hackers then use it to launch additional attacks at various industries, such as communications, defense, finance, and government bodies. The idea is that since the compromised router is being used as a means of attack, cybersecurity defenses may be reduced since the attack is coming from a trusted IP, increasing the likelihood of bypassing firewalls or other prevention techniques.

Frequently Asked Questions

TweakBot answers common questions about this news using TweakTown's own coverage from this page and related content from our archive. Tap a question to reveal the answer, or type your own below.

Question #1

Which router models are specifically mentioned or implicated in the CISA advisory as being targeted by Russian state-backed groups?

The CISA advisory described in the article does not name or implicate any specific router models. It instead warns generally about misconfigured or vulnerable home and small-business routers and recommends actions such as changing default passwords, updating firmware, disabling SNMP, and disabling Cisco Smart Install.
Answered
Question #2

How do attackers use compromised home or small-business routers to mask their activity and bypass network defenses?

Attackers exploit misconfigured or vulnerable home and small-business routers to gain persistent access and then use those compromised devices to launch further attacks. Because the malicious activity is coming from a trusted router IP, it can mask the attackers origins and increase the likelihood of bypassing firewalls and other prevention techniques. Users are therefore urged to secure routers by changing default passwords, updating firmware, and monitoring DNS settings for irregular activity.
Answered
Question #3

What immediate configuration changes does CISA recommend to secure routers against these attacks?

CISA recommends immediately changing default passwords, updating router firmware, and monitoring DNS settings for any irregular activity. It also advises disabling SNMP, disabling Cisco Smart Install, and using encrypted passwords.
Answered
Question #4

How can I check my router's DNS settings for signs of compromise as described in the advisory?

The advisory says to monitor your router's DNS settings for any irregular activity and to secure the device immediately by changing default passwords and updating firmware. It also recommends disabling SNMP, disabling Cisco Smart Install, and using encrypted passwords as additional protections.
Answered

Have a question not listed here? Ask below and TweakBot will answer it.

Users are urged to secure their routers immediately by changing default passwords, updating firmware, and monitoring DNS settings for any irregular activity. CISA recommends disabling SNMP, disabling Cisco Smart Install, and using encrypted passwords.

Photo of the ASUS RT-AX86U Pro

Best Deals: ASUS RT-AX86U Pro

Prices last scanned 5 hours and 29 minutes ago

* Prices may be inaccurate. As an Amazon Associate, we earn from qualifying purchases. We earn affiliate commission from any Newegg or PCCG sales.

News Source:arstechnica.com

Comments

Tech and Science Editor

Email IconX IconLinkedIn Icon

Jak joined TweakTown in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.

Stay Updated

Follow TweakTown for breaking tech news, reviews, and daily updates.

Add TweakTown as a preferred source on GoogleFind TweakTown on Apple News
Newsletter Subscription