FBI Alerts About Russian Hackers Taking Advantage of 7-Year-Old Cisco Vulnerability
The Federal Bureau of Investigation (FBI) has issued a warning regarding hackers associated with Russia’s Federal Security Service (FSB) targeting critical infrastructure organisations. These attacks exploit a seven-year-old vulnerability in Cisco devices, specifically the CVE-2018-0171 flaw in the Smart Install feature of Cisco IOS and Cisco IOS XE software. The state-backed hacking group, known as Berserk Bear (also referred to as Blue Kraken, Crouching Yeti, Dragonfly, and Koala Team), has been breaching organisations globally. Successful exploitation of this vulnerability allows unauthenticated threat actors to remotely trigger device reloads, potentially leading to denial-of-service (DoS) conditions, or to execute arbitrary code. Over the past year, the FBI has detected these actors collecting configuration files from thousands of networking devices linked to US entities across critical infrastructure sectors.
Cisco first identified attacks targeting the CVE-2018-0171 flaw in November 2021 and has since updated its advisory, urging administrators to secure their devices promptly. Cisco Talos, the company’s cybersecurity division, reported that the Russian threat group, tracked as Static Tundra, has aggressively exploited this vulnerability to compromise unpatched devices in telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe. The attackers have employed custom SNMP tooling for persistence on compromised devices and have used the SYNful Knock firmware implant, first discovered in 2015. The threat is not limited to Russian operations, as other state-sponsored actors are likely conducting similar campaigns. Comprehensive patching and security hardening are essential for all organisations to mitigate these risks.
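As an added defender-side example (not code from the FBI or Cisco advisories, nor from this article), the script below audits a constructed Cisco IOS running-config excerpt for the two hardening gaps most relevant to this campaign: a Smart Install client that has not been explicitly disabled, and SNMP community strings that are default names or grant read-write access. It assumes the IOS conventions that `no vstack` disables the Smart Install client and that `snmp-server community <name> RW` grants write access.

```python
import re

# Constructed sample of a Cisco IOS running-config excerpt (not taken from any
# real device). Assumed IOS syntax: "no vstack" disables the Smart Install
# client; "snmp-server community <name> RW" grants read-write SNMP access.
SAMPLE_CONFIG = """\
version 15.2
hostname edge-sw-01
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input ssh
end
"""

# Well-known default community strings that should never appear in production.
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_config(config: str) -> list[str]:
    """Return a list of findings for a running-config text.

    Checks:
    - Smart Install client not explicitly disabled ("no vstack" absent).
    - SNMP community strings that use default names or grant RW access.
    """
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]
    if "no vstack" not in lines:
        findings.append("smart-install: 'no vstack' not present; "
                        "Smart Install client may still be enabled")
    for ln in lines:
        m = re.match(r"snmp-server community (\S+)(?:\s+(RO|RW))?", ln)
        if not m:
            continue
        name, mode = m.group(1), (m.group(2) or "RO")  # IOS defaults to RO
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append(f"snmp: default community string '{name}' ({mode})")
        if mode == "RW":
            findings.append(f"snmp: read-write community '{name}' "
                            "allows configuration changes via SNMP")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Absence of `no vstack` is only meaningful on platforms that support Smart Install; verify on the device with `show vstack config` rather than relying on the text check alone.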