Russian State-Sponsored Cyber Actors Targeting Network Infrastructure

Yesterday, US-CERT posted a bulletin about Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices (https://www.us-cert.gov/ncas/alerts/TA18-106A).
Our take is that one must always assume this kind of activity is happening, and if the bulletin is accurate, Russia is not alone in doing it:
https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/
https://www.engadget.com/2016/08/21/nsa-technique-for-cisco-spying/

It is vital to have critical controls in place to protect against these types of attacks, and to be prepared to take action based on concrete Indicators of Compromise provided in alerts and threat intelligence. Basefarm is a member of FIRST.org, TF-CSIRT and Swedish CERT-Forum, which helps us gather intelligence such as this in a timely manner.

(Blogpost image by Erik Mandre, “Karu-Ursus arctos-Erik Mandre.jpg”, Creative Commons Attribution-Share Alike)