Cisco and FBI Alert on Russian Hacking Campaign Aiming at End-of-Life Devices

The United States Federal Bureau of Investigation and Cisco’s Talos Intelligence group have issued a warning to organisations globally regarding a state-backed Russian threat actor exploiting a historical vulnerability in end-of-life Cisco networking devices that utilise Cisco Smart Install. This hacking group is identified as a unit of the Russian Federal Security Service’s Centre 16. The group is tracked by Talos as Static Tundra and is also referred to as Berserk Bear and Dragonfly by other cybersecurity analysts.

In an advisory released on August 20, the FBI reported that the actors have been collecting configuration files from thousands of networking devices linked to US entities across critical infrastructure sectors over the past year. On certain vulnerable devices, the actors modified configuration files to gain unauthorised access. They used that access to conduct reconnaissance within victim networks, which indicated an interest in protocols and applications typically associated with industrial control systems. The threat actor is targeting CVE-2018-0171, a vulnerability that, if unpatched, could enable a remote attacker to cause a denial-of-service condition or run code on a vulnerable device.
