The Australian Government has banded together with the United States and United Kingdom in accusing Russia of carrying out malicious global cyber attacks in 2017 targeting commercially available routers.
Based on advice from Australian intelligence agencies, and in consultation with its allies, the Australian Government said it has determined that Russian state-sponsored actors were responsible for targeting Cisco networking gear last year.
In a statement, Australia's Minister for Law Enforcement and Cyber Security, Angus Taylor, said that while a significant number of Australian organisations have been affected by this activity, there is no indication Australian information had been successfully compromised.
Moreover, The Australian Cyber Security Centre has engaged relevant Australian organisations, including through their internet service providers, to provide mitigation advice.
Taylor said that the incidents were unacceptable and that the Australian Government calls on all countries, including Russia, not to take actions that could lead to damage of critical infrastructure that provide services to the public.
“Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity,” Taylor said.
“This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices.
“A strong alliance between Australia and the United States is crucial if we are to prevent and develop strong defences to state-sponsored cyber incidents.”
This is not the first time Taylor has joined the US and the UK in blaming Russia for state-sponsored cyber attacks, with the Minister saying in February that intelligent agency advice suggested Russia was behind the global "NotPetya" malware attacks last year and that the Australian Government condemned the country's behaviour.
Taylor is currently in the US meeting with government counterparts, including secretary of homeland security, Kirstjen Nielsen, along with senior officials in the Department of Justice and the Federal Bureau of Investigation to discuss cyber security and law enforcement priorities, including responses to cyber threats.
On Monday 16 April, Washington and London issued a joint alert saying the campaign by Russian government-backed hackers was intended to advance spying, intellectual property theft and other "malicious" activities and could be escalated to launch offensive attacks.
The Australian Government, the New Zealand Government, the US and the UK, along with other nations accused Russia in February of targeting systems around the world with "NotPetya" malware in 2017, which crippled parts of Ukraine's infrastructure as well as damaging computers across the globe.
It should be noted that Moscow has denied previous accusations that it carried out cyber attacks on the United States and other countries.
Russia's embassy in London issued a statement citing British accusations of cyber threats from Moscow as "striking examples of a reckless, provocative and unfounded policy against Russia."
US intelligence agencies have also accused Russia of interfering in the 2016 election with a hacking and propaganda campaign supporting Donald Trump's campaign for president, as well as blaming Russia for a campaign of cyber attacks that targeted the US power grid.
American and British officials said that the attacks disclosed on Monday affected a wide range of organisations including internet service providers, private businesses and critical infrastructure providers. They did not identify victims or provide details on the impact of the attacks.
(Additional reporting by Reuters' Jim Finkle and Doina Chiacu; Estelle Shirbon in London, John Walcott and Makini Brice in Washington and Jack Stubbs and Maxim Rodionov in Moscow; Writing by Will Dunham; Editing by James Dalgleish).