Six Year Old Cisco Vulnerability targeted by Cyber Criminals
APT28, a state-sponsored hacking group affiliated with Russian military intelligence, has been exploiting a six-year-old vulnerability in Cisco routers to deploy malware and conduct surveillance, according to a joint advisory issued by the US and UK governments on Tuesday. The US cybersecurity agency CISA, alongside the FBI, NSA, and the UK’s National Cyber Security Centre, detailed how the Russia-backed hackers targeted European organisations and US government institutions throughout 2021 by exploiting Cisco router vulnerabilities. Notably, the advisory also revealed that the hackers attacked approximately 250 Ukrainian victims, whose identities were not disclosed.
The hacking group, also known as Fancy Bear, has a history of conducting cyber attacks, espionage, and hack-and-leak information operations on behalf of the Russian government. According to the joint advisory, the hackers exploited a remotely exploitable vulnerability that Cisco had patched in 2017 to deploy custom-built malware called “Jaguar Tooth”, designed to infect unpatched routers. The threat actors scanned for internet-facing Cisco routers using default or easy-to-guess SNMP community strings, which allowed them to install the malware. SNMP (Simple Network Management Protocol) enables network administrators to remotely access and configure routers, but can also be misused to obtain sensitive network information. Once installed, the malware exfiltrated data from the router and provided stealthy backdoor access to the device, the agencies stated.
Matt Olney, Director of Threat Intelligence at Cisco Talos, highlighted in a blog post that this campaign exemplifies “a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity”. He expressed deep concern over the increasing rate of high-sophistication attacks on network infrastructure, as observed by Cisco and corroborated by various intelligence organisations’ reports, indicating that state-sponsored actors are targeting routers and firewalls globally. Olney added that China has also been identified as attacking network equipment in multiple campaigns. Earlier this year, Mandiant reported that Chinese-state backed attackers exploited a zero-day vulnerability in Fortinet devices to execute a series of attacks on government organisations.
One2Call customers needn’t worry about the vulnerabilities as we ensure that our customers devices are always up to date with the latest security patches to ensure that you are never exposed to attacks such as these. Our Network Management and Cyber Security Suites highlight vulnerabilities such as these so that they can be patched immediately. If you want to ensure that your business network is secure and correctly managed, reach out to us to find out more. We can also work with businesses to ensure that they are following the best cyber security practices, fill out the form below to download our FREE Cyber Security Self Assessment form, we can also work with your business to ensure that you understand each of the key areas.
Latest News Stories
UPDATED June 26th, 2023: University of Manchester Targeted in Major Cyber Security Incident
Updated 26/06/2023: After Students and Saff of The University of Manchester received emails last week claiming to be from the attackers, stating that more than 7 Terabytes of data had been stolen in the attack, the university released a statement on Friday (June 23rd)...
Why should you outsource your Network Cyber Security?
The strength of your network's security is the key determinant in the aftermath of a cyber attack. Establishing a solid cyber security solution is a complex task, requiring a high level of technical skills and resources. Your Cyber Security Solution has the vital role...
Rise of Supply Chain Cyber Attacks: Understanding and Preventing the Threat
As the digital landscape evolves, so too do the threats that loom within it. Cyber Security measures are ever-improving, but in the cat-and-mouse game of the online world, hackers often still manage to gain the upper hand. The latest strategy in their arsenal? Supply...
Our Customers
Testimonials
Greystones Medical
Professional people providing a professional service. Fully met our business needs and listened to our requirements. Responsive team and capable engineers.
Rebecca, Straaltechniek
Pawel is great and very helpful!
Mark Hamilton, Gooding Group
Good communicative engineer worked away discreetly and kept me informed of progress.