The FBI said it is asking the public for help to "remediate" these vulnerabilities, and the Trump administration's cyber czar, Rob Joyce, said the us government needs the public's help to "undercut the Russian capability to use this as a tool against the world".
"We have high confidence that Russian Federation has carried out a coordinated campaign to gain access to enterprise, small office, home office routers known as SOHO routers and residential routers, and the switches and connectors worldwide", said Rob Joyce, special assistant to the President and cybersecurity coordinator at the White House, speaking to journalists.
The alert follows an advisory notice released by the NCSC earlier this month which warned that companies connected to British critical national infrastructure were being targeted by attackers, citing cybersecurity reports which suggested the hackers were based in eastern Europe. The report "provides information on the worldwide cyber exploitation of network infrastructure devices (e.g., router, switch, firewall, Network-based Intrusion Detection System (NIDS) devices) by Russian state-sponsored cyber actors". Those routers were compromised to carry out so-called "man-in-the-middle" attacks where data going between computers and internet servers is intercepted, the NCSC said.
"We condemn the actions and hold the Kremlin responsible for the malicious activities", said Jeanette Manfra, the chief cybersecurity official for the Department of Homeland Security. Any compromised hardware might even be used as a foundation for future attacks, the alert theorized.
"The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government", Federal Bureau of Investigation deputy assistant director Howard Marshall said in a statement online.
While it the extent of the attack remains unclear, Ciaran Martin, head of the UK's NCSC, noted that numerous machines targeted had been "seized by hackers", adding that hacks were being tracked by British intelligence from a year ago.
That's according to a joint announcement by American and British cyber cops.
"Russia is not planning to conduct any cyber attacks against the United Kingdom".
Officials said they had "high confidence" that the Russian government was behind the campaign.
Speaking at the CyberUK event in Manchester last week, Jeremy Fleming, the head of GCHQ, warned that the nerve agent attack in Salisbury "demonstrates how reckless Russian Federation is prepared to be".