The Government Communications Security Bureau has pointed the finger at Russia for cyber attacks, as the US and Britain blame that country for a massive global campaign.

The US and British governments have accused Russia of conducting a campaign to compromise computer routers and firewalls around the world - from home offices to internet providers - for espionage and possibly sabotage purposes.

Stuff today reported that Government Communications Security Bureau director-general Andrew Hampton said there were indications Russian state and state-sponsored actors were behind some of the 122 incidents identified in a report that had "indicators of connection to foreign intelligence agencies".

"New Zealand organisations were subject to both direct and indirect threats," Hampton said. "Motivation for these incidents includes espionage and revenue generation."

Advertisement

In the 12 months to June last year 122 of the 396 serious incidents recorded by the GCSB's National Cyber Security Centre involved indicators that have previously been linked to state-sponsored actors.

The unusual public warning from the White House, US agencies and Britain's National Cyber Security Centre follows a years-long effort to monitor the threat. The targets number in the millions, officials said, and included "primarily government and private-sector organisations, critical infrastructure providers, and the internet service providers (ISPs) supporting these sectors".

It was the two countries' first such joint alert.

"We have high confidence that Russia has carried out a coordinated campaign to compromise ... routers, residential and business - the things you and I have in our home," said Rob Joyce, the White House cybersecurity coordinator.

"We condemn the actions and hold the Kremlin responsible for the malicious activities," said Jeanette Manfra, the chief cybersecurity official for the Department of Homeland Security.

The warning is unrelated to the administration's recent military strikes on suspected chemical weapons facilities in Syria, action Russia condemned. Rather, it is part of a broader ongoing effort by the US government to call out bad behaviour in cyberspace and impose costs as a deterrent.

"When we see malicious cyber activity, whether it be from the Kremlin or other malicious actors, we're going to push back," Joyce said.

The announcement is the latest in a series of related moves by the Trump Administration, which in recent months has publicly blamed Russia for launching the NotPetya worm that has been characterised as the costliest and most destructive cyber attack in history.

It also recently announced that Russia had targeted the US energy grid with computer malware, and it slapped fresh sanctions on Russian hackers for illicit cyber activity.

The US government also has obtained indictments against Iranian hackers, and accused North Korea of being behind the WannaCry computer worm that affected more than 230,000 computers around the world.

The US and British governments jointly tracked the latest campaign, which has targeted millions of machines globally, said Ciaran Martin, chief executive of Britain's NCSC, the government's central cybersecurity agency.

The aim seems to be to "seize control" of the machines that connect networks to the internet, and in the case of internet providers, to gain access to their customers, for espionage or other purposes, he said.

These network devices make "ideal targets", said Manfra, Homeland Security's assistant secretary for cybersecurity and communications. Most traffic within a company or between organisations traverses them. So a hacker can monitor, modify or disrupt it, she said. And they're usually not secured at the same level as a network server.

"Once you own the router, you own the traffic that's traversing the router," she said.

The agencies, which include the FBI, do not know precisely how many routers, firewalls and switches have been compromised and to what extent. They are seeking the cooperation of home office and private-sector business owners in sharing information if they determine their networks have been compromised.

In its alert, DHS described the hackers' techniques, from scanning internet address spaces to exploiting routers, switches and network intrusion-detection devices.

US officials said this year that Russian military hackers compromised routers in South Korea in January and deployed new malware when the Olympics began in February. It was not clear whether that compromise was part of the same campaign.