Six Year Old Cisco Vulnerability targeted by Cyber Criminals
APT28, a state-sponsored hacking group affiliated with Russian military intelligence, has been exploiting a six-year-old vulnerability in Cisco routers to deploy malware and conduct surveillance, according to a joint advisory issued by the US and UK governments on Tuesday. The US cybersecurity agency CISA, alongside the FBI, NSA, and the UK’s National Cyber Security Centre, detailed how the Russia-backed hackers targeted European organisations and US government institutions throughout 2021 by exploiting Cisco router vulnerabilities. Notably, the advisory also revealed that the hackers attacked approximately 250 Ukrainian victims, whose identities were not disclosed.
The hacking group, also known as Fancy Bear, has a history of conducting cyber attacks, espionage, and hack-and-leak information operations on behalf of the Russian government. According to the joint advisory, the hackers exploited a remotely exploitable vulnerability that Cisco had patched in 2017 to deploy custom-built malware called “Jaguar Tooth”, designed to infect unpatched routers. The threat actors scanned for internet-facing Cisco routers using default or easy-to-guess SNMP community strings, which allowed them to install the malware. SNMP (Simple Network Management Protocol) enables network administrators to remotely access and configure routers, but can also be misused to obtain sensitive network information. Once installed, the malware exfiltrated data from the router and provided stealthy backdoor access to the device, the agencies stated.
Matt Olney, Director of Threat Intelligence at Cisco Talos, highlighted in a blog post that this campaign exemplifies “a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity”. He expressed deep concern over the increasing rate of high-sophistication attacks on network infrastructure, as observed by Cisco and corroborated by various intelligence organisations’ reports, indicating that state-sponsored actors are targeting routers and firewalls globally. Olney added that China has also been identified as attacking network equipment in multiple campaigns. Earlier this year, Mandiant reported that Chinese-state backed attackers exploited a zero-day vulnerability in Fortinet devices to execute a series of attacks on government organisations.
One2Call customers needn’t worry about the vulnerabilities as we ensure that our customers devices are always up to date with the latest security patches to ensure that you are never exposed to attacks such as these. Our Network Management and Cyber Security Suites highlight vulnerabilities such as these so that they can be patched immediately. If you want to ensure that your business network is secure and correctly managed, reach out to us to find out more. We can also work with businesses to ensure that they are following the best cyber security practices, fill out the form below to download our FREE Cyber Security Self Assessment form, we can also work with your business to ensure that you understand each of the key areas.
Latest News Stories
Greece’s Education System Hit By ‘Largest Ever’ Cyber Attack
Greece's Education Ministry has been subjected to an unprecedented cyber attack, described as the most extensive in the country's history. The malicious attempt aimed to disrupt the centralised high school examination platform known as the “Subject Bank”. The Subject...
Celebrating our Local Football Teams
In a remarkable turn of events that has sent waves of jubilation throughout the Sheffield region, both Sheffield Wednesday and Sheffield United football clubs have secured their respective promotions in the 2022-2023 season. This is a tremendous achievement for both...
Rochester Schools Still Suffering 1 Month After Cyber Attack
Rochester Public Schools, based in Minnesota, was hit by a significant ransomware attack on 6th April 2023, disrupting its operations and affecting thousands of students, teachers, and staff members. The attack was first detected at 4:30 a.m. by a member of their IT...
Our Customers
Testimonials
Greystones Medical
Professional people providing a professional service. Fully met our business needs and listened to our requirements. Responsive team and capable engineers.
Kevin, All Seasons Interiors
Pawel is always a great help and nothings too much trouble.
Peter, Peak Sensors
Very competent people completing tasks accurately and quickly.