Joint advisory on Russian GRU exploiting vulnerable routers to steal sensitive information

The Canadian Centre for Cyber Security (Cyber Centre) has joined the United States’ Federal Bureau of Investigation (FBI), the National Security Agency (NSA) and other domestic and international partners in releasing a cyber security advisory on the Russian General Staff Main Intelligence Directorate (GRU) exploiting vulnerable routers worldwide.

This joint advisory warns that Russian GRU threat actors are exploiting vulnerable routers to intercept and steal sensitive military, government, and critical infrastructure information. International law enforcement partners recently disrupted a GRU network of compromised small-office home-office (SOHO) routers used to facilitate malicious Domain Name System (DNS) hijacking operations.

This joint advisory aims to alert network defenders and device owners and encourage them to take actions to remediate and reduce the attack surface of similar edge devices. Users of SOHO routers are encouraged to:

  • upgrade end-of-support devices
  • update to the latest firmware versions
  • change default usernames and passwords
  • disable remote management interfaces from the Internet

Consult the full joint advisory: Russian GRU exploiting vulnerable routers to steal sensitive information
