FBI Alerts on FSB-Connected Hackers Targeting Unpatched Cisco Devices for Cyber Espionage

A Russian state-sponsored cyber espionage group known as Static Tundra has been actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software to establish persistent access to target networks. Cisco Talos disclosed that the attacks primarily target organisations in the telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe. Victims are selected based on their “strategic interest” to Russia, with recent efforts particularly focused on Ukraine and its allies since the onset of the Russo-Ukrainian War in 2022. The vulnerability in question, CVE-2018-0171, has a critical CVSS score of 9.8 and resides in the Smart Install feature of Cisco software, allowing unauthenticated remote attackers to trigger denial-of-service conditions or execute arbitrary code.

Static Tundra is believed to be linked to the Federal Security Service’s (FSB) Centre 16 unit and has been operational for over a decade, focusing on long-term intelligence gathering. The group is considered a sub-cluster of other known entities such as Berserk Bear, Crouching Yeti, Dragonfly, Energetic Bear, and Havex. The U.S. Federal Bureau of Investigation (FBI) has reported that FSB cyber actors are exploiting the Simple Network Management Protocol (SNMP) and unpatched networking devices to target entities globally. These attacks involve collecting configuration files from thousands of networking devices associated with U.S. critical infrastructure. Attackers modify these configuration files to facilitate unauthorised access and conduct reconnaissance within victim networks, deploying custom tools like SYNful Knock, a router implant that maintains persistence within compromised networks. 
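The two weaknesses the article ties to these intrusions, an enabled Smart Install service and SNMP community strings that allow configuration reads or writes, can both be spotted in a saved running-config. The following audit script is an added example, not code from the article, the FBI or Cisco; the configuration text is constructed, and the heuristics in the docstring are assumptions rather than a full IOS parser.

```python
import re

# Constructed sample of a Cisco IOS running-config (not from any real device).
SAMPLE_CONFIG = """\
version 15.2
hostname edge-rtr-01
!
snmp-server community public RO
snmp-server community private RW
snmp-server community s3cr3t RW 10
!
ip access-list standard 10
 permit 10.0.0.0 0.255.255.255
!
end
"""

def audit_ios_config(config: str) -> list[str]:
    """Return findings about Smart Install and SNMP exposure.

    Heuristics (assumptions, not a complete IOS parser):
    - Smart Install counts as disabled only when 'no vstack' is present;
      if the line is missing, the platform default (enabled) is assumed.
    - 'snmp-server community <name> RW' grants write access; with no ACL
      after 'RW', any host that knows the string can push config changes.
    - The well-known strings 'public' and 'private' are flagged regardless.
    """
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]

    if "no vstack" not in lines:
        findings.append("Smart Install not disabled (no 'no vstack'); "
                        "TCP/4786 should be blocked at the edge")

    snmp_re = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\S+))?$", re.I)
    for ln in lines:
        m = snmp_re.match(ln)
        if not m:
            continue
        name, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
        if name.lower() in {"public", "private"}:
            findings.append(f"Default SNMP community string '{name}'")
        if mode == "RW" and acl is None:
            findings.append(f"SNMP RW community '{name}' without an access list")
    return findings

if __name__ == "__main__":
    for finding in audit_ios_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

A clean result from this check is necessary but not sufficient; the article's point is that the underlying software also needs the patch for CVE-2018-0171.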

Categories: Cyber Espionage, Network Vulnerabilities, Targeted Attacks 

Tags: Static Tundra, Cyber Espionage, Cisco IOS, Vulnerability, CVE-2018-0171, Telecommunications, Higher Education, Manufacturing, SNMP, Reconnaissance 