The United States and Britain on Monday alleged that Russian government-backed hackers had infected computer routers around the world in a cyber espionage campaign that targeted government agencies, businesses and critical infrastructure operators.
U.S. and British officials told reporters in a conference call that they planned to issue a joint alert on the attacks, which targeted routers that form a key part of the internet infrastructure in a cyber espionage campaign that could be leveraged in the future to launch offensive attacks.
"When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back," said Rob Joyce, the White House cybersecurity coordinator.
The White House in February blamed Russia for the devastating 'NotPetya' cyber attack in 2017, joining the British government in condemning Russia for unleashing a virus that crippled parts of Ukraine's infrastructure and damaged computers across the globe.
U.S. intelligence agencies have concluded that Moscow interfered in the 2016 presidential campaign and a federal prosecutor is investigating whether President Donald Trump's campaign colluded with Russians to sway the vote. Both Moscow and Trump have denied the allegations.
The U.S. and British governments said they planned to issue a joint report on Monday afternoon providing technical details on the attacks so that organizations can determine whether they have been hacked and thwart similar future hacking attempts.
The governments asked victims to report any infections so they can better understand the impact of the campaign.
- Israel thwarted numerous cyberattacks from all over the world, Shin Bet security chief says
- Israeli startup that scrambles electronic images to foil hackers raises $4 million
- Murder by mouseclick: Hackers targeting hospitals aren't just the stuff of horror novels
"We don't have full insight into the scope of the compromise," said Jeanette Manfra, a cybersecurity official for the U.S. Department of Homeland Security.
U.S. and British officials said the infected routers could be used to launch future offensive cyber operations.
"They could be pre-positioning for use in times of tension," said Ciaran Martin, chief executive of the British government's National Cyber Security Centre cyber defense agency, who added that "millions of machines" were targeted.
The Russian attacks affected a wide range of organizations including internet service providers, private-sector firms and critical infrastructure providers, the officials said.
Martin said authorities have been tracking the campaign for about a year and the tactics behind them for longer.
"We in the UK can independently corroborate all of the detection work in this report to validate the assessment of U.S. colleagues, and we can also confirm that all of the attacks mentioned in this report have directly affected the UK," he said.
Manfra said the campaign was widespread and can cover "everything from large enterprises to small home offices."