Cyber threat of the week


By John Reed, a former national security reporter for Foreign Policy.

Happy Election Day. Here's your cyber threat of the week.

What’s a growing trend among hackers looking to get into firms whose networks are well defended? Hijacking their IT infrastructure and processes to deploy malware.

In one case uncovered in the last three months, hackers developed a fake upgrade to a U.S.-based telecommunications company’s Internet routers. That upgrade actually contained malware; once the firm’s IT staff distributed the upgrade, that malware was pushed to the computers that connected to the company’s networks.

"We had an adversary group that was inside of a company — they had been there for a while — and we discovered that they had identified the part of the company that did router upgrades," said Richard Bejtlich, chief security officer at the cyber security firm Mandiant.

"What these guys had done is gotten a copy of the image [of the router’s software design], they had decompiled it, they had then added malicious features into that router image and pre-positioned it where the IT [administrators] for the company would then copy it out to the [firm’s] routers," where they would be free to roam throughout the firm’s network.

How did hackers steal the router plans?

"You can get them in two places. One is you can get them from the enterprise itself — they have their repository of images ready to go — or if you have a Cisco connection online, you can download it yourself. While it’s sort of a niche affair, there are people who specialize in ripping apart Cisco [router] images," said Bejtlich.

Defending against this is relatively simple, he said.

"If you validated the signature" associated with the router upgrade to find out whether it is legit, "I guarantee you’d catch it," said Bejtlich.
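The check Bejtlich describes, as an added example that is not from the article or from Mandiant: a release gate that refuses to copy a router image out to the fleet unless the vendor's signature over it validates. The vendor key, manifest format and image bytes are all constructed here; the point is that the gate anchors trust on a pinned vendor public key, not on a hash file sitting in the same internal repository an intruder already controls.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ImageManifest is a hypothetical vendor release record: the expected SHA-256 of
// the image and the vendor's Ed25519 signature over that digest.
type ImageManifest struct {
	Version string
	SHA256  string
	Sig     []byte
}

var ErrUntrusted = errors.New("router image failed signature validation")

// NewVendorKey generates a key pair; it stands in for the vendor's signing key
// (and, in the demo below, for an intruder's own key).
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignImage models the vendor's release step (assumed format, not any real vendor's).
func SignImage(priv ed25519.PrivateKey, version string, image []byte) ImageManifest {
	d := sha256.Sum256(image)
	return ImageManifest{Version: version, SHA256: hex.EncodeToString(d[:]), Sig: ed25519.Sign(priv, d[:])}
}

// VerifyImage is the gate the upgrade process runs before distributing an image.
// The digest check alone is not enough: whoever can replace the image in the
// internal repository can rewrite the manifest beside it, so the decision rests
// on the signature under the pinned vendor public key.
func VerifyImage(vendorPub ed25519.PublicKey, m ImageManifest, image []byte) error {
	d := sha256.Sum256(image)
	if hex.EncodeToString(d[:]) != m.SHA256 {
		return fmt.Errorf("%w: digest mismatch for %s", ErrUntrusted, m.Version)
	}
	if !ed25519.Verify(vendorPub, d[:], m.Sig) {
		return fmt.Errorf("%w: signature not from pinned vendor key for %s", ErrUntrusted, m.Version)
	}
	return nil
}

func main() {
	vendorPub, vendorPriv := NewVendorKey()
	image := []byte("constructed router image contents")
	m := SignImage(vendorPriv, "example-image-v1", image)
	fmt.Println("genuine image:", VerifyImage(vendorPub, m, image))
	tampered := append(append([]byte{}, image...), "constructed added feature"...)
	fmt.Println("modified image, original manifest:", VerifyImage(vendorPub, m, tampered))
	_, intruderPriv := NewVendorKey()
	forged := SignImage(intruderPriv, "example-image-v1", tampered)
	fmt.Println("modified image, re-signed manifest:", VerifyImage(vendorPub, forged, tampered))
}
```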

While this hack was caught just before the company’s IT administrators were about to distribute the upgrade, Bejtlich said that other companies are probably not as lucky.

John Reed is a former national security reporter for Foreign Policy.
