The government urged everyone from vendors to small home businesses to assess weak protocols and service ports as "the current state of USA network devices - coupled with a Russian government campaign to exploit these devices - threatens the safety, security, and economic well-being of the United States".
Joyce said that the attacks point to the broader vulnerability of the growing ecosystem of Internet-connected devices, often called the "internet of things", and the need for companies to take security into account when developing cutting-edge technologies.
Taylor was advised by Australian intelligence agencies and their counterparts in allied countries of the attacks on commercial routers.
These "cyber actors" are identifying vulnerable devices to break into, where they can extract device configurations, harvest login details, and control the traffic that goes through the router.
They are then using these compromised routers to conduct man-in-the-middle (MitM) attacks for cyber espionage or stealing intellectual property.
The attacks on "network infrastructure devices" - routers, switches and firewalls - were meant to gain access to government and critical infrastructure targets.
According to the Sunday Times, British spy officials have also prepared for Russia-based hackers to leak embarrassing information on United Kingdom politicians and other high-profile people following the attack on the Skripals.
On March 15, US-CERT issued a similar alert saying the Federal Bureau of Investigation and DHS had determined that Russian Government "cyber actors" had sought to infiltrate US agencies as well as "organisations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors".
"Extracted configuration files may contain sensitive information, such as device administrative credentials, and could be used to compromise the router/switch and enable targeting of other devices on the network".
"Whoever controls the routing infrastructure of a network essentially controls the data flowing through the network", officials warned. "When a malicious actor has access to this, they can monitor, modify, or deny traffic to an organization or from an organization externally". Those outdated devices included routers and devices that had a default or no password and devices that were no longer supported.
The report did not name victims or the number of successful attacks.
Manufacturers and ISPs are asked to not support out-of-date, unencrypted, or unauthenticated protocols and services.
"We assess the goals of the campaign include espionage and intellectual property theft", he said.
Security officials in the UK, US and Australia have accused Russian Federation of hacking into machines and using them as part of an espionage campaign against the West since 2015.