The United States and United Kingdom on Monday charged that Russian government-backed hackers have infected computer routers around the world in a cyber espionage campaign that targeted government agencies, businesses and critical infrastructure operators.
U.S and U.K. officials told reporters in a conference call that they plan to issue a joint alert on the attacks, which target routers that form a key part of the internet infrastructure, in a cyber espionage campaign that could be levered in the future to launch offensive attacks.
"When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation state actors, we are going to push back," said Rob Joyce, the White House cyber security coordinator.
U.S. and U.K. officials said the infected routers could be leveraged to launch future offensive cyber operations.
"They could be pre-positioning for use in times of tension," said Ciaran Martin, chief executive of the British government's National Cyber Security Centre cyber defense agency, who added that "millions of machines" were targeted in the campaign.
The Russian attacks have affected a wide range of organizations including internet service providers, private-sector firms and critical infrastructure providers, the officials said.
Martin said authorities have been tracking the campaign for about a year and the tactics behind them for longer.
"We in the U.K. can independently corroborate all of the detection work in this report to validate the assessment of U.S. colleagues, and we can also confirm that all of the attacks mentioned in this report have directly affected the U.K.," he said.
The British government condemned what it and the United States have described as a Russian government-backed campaign of cyber espionage as another example of Moscow's disregard for international rules.
"This is yet another example of Russia's disregard for international norms and global order – this time through a campaign of cyber espionage and aggression, which attempts to disrupt governments and de-stabilize business," a British government spokesman said.
"The attribution of this malicious activity sends a clear message to Russia – we know what you are doing and you will not succeed."