Your Wi-Fi router could be helping Russian hackers, confirms US government in new warning | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


TL;DR: US and allied agencies warn Russian state-backed hackers (Energetic Bear, Dragonfly, Static Tundra) are exploiting misconfigured or vulnerable home and small-business routers worldwide to gain persistent access, mask activity, and launch attacks on sectors like communications, defense, finance, and government; users should change default passwords, update firmware, monitor DNS, disable SNMP and Cisco Smart Install, and use encrypted passwords.

Federal agencies have issued a stark warning to the public about Russia’s state-backed hackers actively attempting to compromise home and small-business routers.

VIEW GALLERY – 3 IMAGES

According to the Cybersecurity and Infrastructure Security Agency (CISA), Russian cyber actors including groups tracked as Energetic Bear, Dragonfly, and Static Tundra are exploiting misconfigured or vulnerable networking devices to gain persistent access. These groups use compromised routers to mask their activities and launch further attacks once access has been gained. The advisory was co-issued with partners in Australia, Denmark, New Zealand, and the UK, as authorities have discovered these efforts are global and not just targeting the United States.

Russian and Chinese state actors have been attempting to infiltrate and compromise devices for many years now, and in some instances their efforts have paid off as critical infrastructure has been compromised and data has been extracted. While agencies like the FBI have temporarily disrupted botnets by resetting DNS settings, attackers simply rebuild their networks.

According to CISA, once a device has been compromised, the hackers then use it to launch additional attacks at various industries, such as communications, defense, finance, and government bodies. The idea is that since the compromised router is being used as a means of attack, cybersecurity defenses may be reduced since the attack is coming from a trusted IP, increasing the likelihood of bypassing firewalls or other prevention techniques.

Frequently Asked Questions

TweakBot answers common questions about this news using TweakTown’s own coverage from this page and related content from our archive. Tap a question to reveal the answer, or type your own below.

Question #1

Which router models are specifically mentioned or implicated in the CISA advisory as being targeted by Russian state-backed groups?

The CISA advisory described in the article does not name or implicate any specific router models. It instead warns generally about misconfigured or vulnerable home and small-business routers and recommends actions such as changing default passwords, updating firmware, disabling SNMP, and disabling Cisco Smart Install.

Answered

Question #2

How do attackers use compromised home or small-business routers to mask their activity and bypass network defenses?

Question #3

What immediate configuration changes does CISA recommend to secure routers against these attacks?

Question #4

How can I check my router’s DNS settings for signs of compromise as described in the advisory?

Have a question not listed here? Ask below and TweakBot will answer it.

Users are urged to secure their routers immediately by changing default passwords, updating firmware, and monitoring DNS settings for any irregular activity. CISA recommends disabling SNMP, disabling Cisco Smart Install, and using encrypted passwords.



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW