The U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have today issued a joint Technical Alert about malicious cyber activity carried out by the Russian government.



To summarize the alert: it claims hackers tied to the Russian government have attempted to compromise millions of routers and firewalls across the Internet, from enterprise-focused network equipment to the basic routers in homes and small businesses across the world. The report warns that the attacks "enable espionage and intellectual property [theft] that supports the Russian Federation’s national security and economic goals." The alert offers technical advice about how to detect and stop those attacks.



The joint statement can be read here as well as the issued advisory.



This is odd activity to pick up and alert on, as UK and US government hackers, particularly those in the NSA and GCHQ, perform broad intrusions across the world for espionage too. Many nations hack routers like the ones mentioned in Monday's alert, based on what we know from classified leaks.



Calling out Russia for the same sort of spying the Five Eyes nations routinely perform as well only blurs the red line around what is not acceptable on the cyber front line, such as disruptive attacks on civilian infrastructure or power, or interfering in elections, which do warrant alerts.



This latest alert seems to be about politics! Russians hacking routers with default passwords isn't big news.



The real red lines that Russia has crossed previously include its blackout-inducing cyberwar in Ukraine, its leaks of stolen Clinton campaign documents in the 2016 presidential election, and the NotPetya outbreak that struck civilian infrastructure and organizations globally, now believed to be the most costly cyberattack in history.



To be fair, the alert may be more about warning that Russia is laying a foundation for future offensive operations, plus some geopolitics, all rolled into one.



Don't use default passwords. Patch your stuff. Stick to the usual security best practices. It's just another day in cyberspace.



