Russian hackers exploit six-year-old Cisco flaw to attack US government agencies


By Webdesk


APT28, a state-sponsored hacking group run by Russian military intelligence, is exploiting a six-year-old vulnerability in Cisco routers to deploy malware and conduct surveillance, the US and UK governments said.

In a joint advisory Tuesday, the US cybersecurity agency CISA, the FBI, the NSA and the UK's National Cyber Security Centre detail how the Russian-backed hackers in 2021 exploited the Cisco router vulnerability to target European organizations and attack US government institutions. The advisory said the hackers had also hacked "about 250 Ukrainian victims", whom the agencies did not name.

APT28, also known as Fancy Bear, is known for conducting a series of cyber-attacks, espionage, and hack-and-leak information operations on behalf of the Russian government.

According to the joint advisory, the hackers exploited a remotely exploitable vulnerability patched by Cisco in 2017 to deploy a custom malware called “Jaguar Tooth,” which is designed to infect unpatched routers.

To install the malware, the threat actors scan for Internet-facing Cisco routers using the standard or easy-to-guess SNMP community string.

SNMP, or Simple Network Management Protocol, lets network administrators remotely query and configure routers, authenticating with a shared community string rather than a username and password; when that string is a default or easily guessed one, it can also be abused to obtain sensitive network information.

Once installed, the malware exfiltrates information from the router and provides unobtrusive backdoor access to the device, the agencies said.
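As an added defensive example (not from the advisory, the article, or Cisco), the following Python audit reads Cisco IOS-style `snmp-server community` lines and flags the conditions the agencies describe: default or easily guessed community strings, plus read-write access and communities not restricted by an access list. The weak-string list, the 12-character length threshold and the sample configuration are constructed assumptions.

```python
"""Audit Cisco IOS-style 'snmp-server community' lines for weak settings."""
import re
from dataclasses import dataclass, field

# Community strings commonly shipped as defaults or trivially guessed (constructed list).
WEAK_COMMUNITIES = {"public", "private", "cisco", "admin", "snmp", "community", "default"}
MIN_COMMUNITY_LEN = 12  # assumed policy threshold, not a Cisco or advisory value

# snmp-server community <string> [view <view>] [RO|RW] [<acl-number-or-name>]
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(?P<name>\S+)"
    r"(?:\s+view\s+\S+)?"
    r"(?:\s+(?P<mode>RO|RW))?"
    r"(?:\s+(?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)

@dataclass
class Finding:
    community: str
    issues: list[str] = field(default_factory=list)

def audit_snmp_config(config: str) -> list[Finding]:
    """Return one Finding per community line that has at least one weakness."""
    findings = []
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        mode = (m.group("mode") or "RO").upper()  # IOS defaults to read-only
        f = Finding(community=name)
        if name.lower() in WEAK_COMMUNITIES:
            f.issues.append("default-or-guessable-community")
        if len(name) < MIN_COMMUNITY_LEN:
            f.issues.append("short-community")
        if mode == "RW":
            f.issues.append("read-write-access")
        if m.group("acl") is None:
            f.issues.append("no-acl-restriction")
        if f.issues:
            findings.append(f)
    return findings

# Constructed sample configuration: two weak communities and one acceptable one.
SAMPLE_CONFIG = """\
hostname edge-router-1
snmp-server community public RO
snmp-server community private RW
snmp-server community Q7v!pL2#xW9zRt RO 10
snmp-server location DC-1
"""
```

Community strings are only used by SNMPv1/v2c; a device already on SNMPv3 with authentication and privacy will produce no matches here.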

Matt Olney, director of threat intelligence at Cisco Talos, said in a blog post that this campaign exemplifies “a much broader trend of advanced adversaries targeting network infrastructure to advance espionage objectives or position them for future destructive activity.”

“Cisco is deeply concerned about an increase in highly sophisticated network infrastructure attacks – which we have observed and confirmed by numerous reports from various intelligence organizations – indicating that state-sponsored actors worldwide are targeting routers and firewalls,” Olney said.

Olney added that in addition to Russia, China has also been seen attacking network equipment in several campaigns.

Earlier this year, Mandiant reported that Chinese state-backed attackers exploited a zero-day vulnerability in Fortinet devices to launch a series of attacks against government organizations.


