
Russian state-linked threat actors exploit an old, still widely unpatched Cisco vulnerability to target critical infrastructure organisations.

A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit, known as Static Tundra, has been exploiting an old vulnerability (CVE-2018-0171) to compromise unpatched and end-of-life Cisco networking devices. The FBI and Cisco have reported that the primary targets of this group include organisations in the telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe. Victims are selected based on their strategic importance to the Russian government. Over the past year, the FBI has detected these actors collecting configuration files from thousands of networking devices associated with US entities in critical infrastructure sectors. In some cases, the actors modified configuration files to enable unauthorised access, allowing them to conduct reconnaissance within victim networks, particularly focusing on protocols and applications linked to industrial control systems.

CVE-2018-0171 is a memory-corruption flaw in the Smart Install client caused by improper validation of packet data. An unauthenticated remote attacker exploits it by sending a specially crafted Smart Install message to TCP port 4786 on a vulnerable device; a successful exploit can force the device to reload (a denial of service) or execute arbitrary code. A device is only exposed if it is unpatched and has the Smart Install client feature enabled, so disabling the feature where it is not needed (`no vstack` in global configuration) or blocking TCP 4786 at network boundaries removes the attack surface even on end-of-life hardware that will never receive a fix. Shortly after the vulnerability was publicly disclosed in 2018, vigilante hackers began targeting network devices in data centres in Russia and Iran with it.

Static Tundra is characterised as a sophisticated threat actor engaged in long-term espionage operations. The group is also believed to be associated with the historic use of ‘SYNful Knock,’ a malicious implant that provides persistent backdoor access to compromised Cisco devices. Static Tundra targets unpatched and often end-of-life network devices to establish initial access, then pivots further into the target environment to compromise additional devices and maintain long-term access for information gathering.
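Two things a network team can check offline from captured running-configs follow from the above: whether the Smart Install client has actually been disabled, and whether a configuration has been modified in a way that creates or weakens remote access (the tampering the FBI describes). The Python script below is an added example written for this page, not FBI or Cisco tooling. The two configs are constructed samples, and the list of "access-relevant" configuration prefixes is my own heuristic rather than any official list.

```python
import difflib

# Constructed sample: a cut-down "show running-config" from a Catalyst
# switch as stored in a known-good configuration backup.
BASELINE_CONFIG = """\
version 15.2
hostname edge-sw01
!
aaa new-model
aaa authentication login default group tacacs+ local
!
username netops privilege 15 secret 5 $1$abcd$constructedhash
!
interface Vlan1
 ip address 10.20.30.2 255.255.255.0
!
line vty 0 4
 transport input ssh
!
end
"""

# Constructed sample: the same device after someone with code execution
# altered it (AAA falls back to local only, an extra admin account, a
# read-write SNMP community, and telnet re-enabled on the VTY lines).
MODIFIED_CONFIG = """\
version 15.2
hostname edge-sw01
!
aaa new-model
aaa authentication login default local
!
username netops privilege 15 secret 5 $1$abcd$constructedhash
username svc_backup privilege 15 secret 5 $1$wxyz$constructedhash
!
snmp-server community public RW
!
interface Vlan1
 ip address 10.20.30.2 255.255.255.0
!
line vty 0 4
 transport input telnet ssh
!
end
"""

# Assumption (mine, not Cisco's): config lines beginning with one of these
# tokens are where a change is most likely to grant or weaken remote access.
ACCESS_RELEVANT_PREFIXES = (
    "aaa ", "username ", "enable ", "snmp-server ", "ip http ", "line vty",
    "transport input", "tacacs", "radius", "access-list ", "ip access-list",
    "vstack", "ip tftp", "boot system",
)


def smart_install_state(config: str) -> str:
    """Classify the Smart Install client state from running-config text.

    Cisco's advisories note that the Smart Install client is enabled by
    default on many IOS/IOS XE switches and only appears in the config as
    'no vstack' once explicitly disabled, so the conservative reading of a
    config with no vstack line at all is "not disabled".
    """
    lines = [line.strip() for line in config.splitlines()]
    if "no vstack" in lines:
        return "disabled"
    if any(line.startswith("vstack") for line in lines):
        return "enabled (explicitly configured)"
    return "not disabled (assume enabled by default)"


def access_relevant_changes(baseline: str, current: str) -> list[tuple[str, str]]:
    """Diff two configs and return (added|removed, line) for access-relevant lines."""
    findings = []
    diff = difflib.unified_diff(
        baseline.splitlines(), current.splitlines(), lineterm="", n=0
    )
    for line in diff:
        # Skip the file headers and hunk markers that unified_diff emits.
        if not line or line.startswith(("+++", "---", "@@")):
            continue
        tag = {"+": "added", "-": "removed"}.get(line[0])
        body = line[1:].strip()
        if tag and body.startswith(ACCESS_RELEVANT_PREFIXES):
            findings.append((tag, body))
    return findings


def audit(baseline: str, current: str) -> dict:
    """Combine both checks into one report for a device."""
    return {
        "smart_install": smart_install_state(current),
        "changes": access_relevant_changes(baseline, current),
    }


if __name__ == "__main__":
    report = audit(BASELINE_CONFIG, MODIFIED_CONFIG)
    print("Smart Install client:", report["smart_install"])
    for tag, body in report["changes"]:
        print(f"  {tag:>7}: {body}")
```

In practice the baseline comes from your configuration-management backups and the current config from a fresh pull, run on every backup cycle; on the device itself, `show vstack config` reports the client state directly. The diff deliberately ignores cosmetic changes and only surfaces lines that touch authentication, management protocols or boot/transfer settings, which is the category of modification the advisory describes.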

Categories: Cybersecurity Threats, Espionage Operations, Vulnerability Exploitation 

Tags: Threat Group, Russian Federal Security Service, CVE-2018-0171, Cisco Networking Devices, Unauthorized Access, Static Tundra, Espionage Operations, Industrial Control Systems, Configuration Files, Long-term Persistence 
