Six Year Old Cisco Vulnerability targeted by Cyber Criminals
APT28, a state-sponsored hacking group affiliated with Russian military intelligence, has been exploiting a six-year-old vulnerability in Cisco routers to deploy malware and conduct surveillance, according to a joint advisory issued by the US and UK governments on Tuesday. The US cybersecurity agency CISA, alongside the FBI, NSA, and the UK’s National Cyber Security Centre, detailed how the Russia-backed hackers targeted European organisations and US government institutions throughout 2021 by exploiting Cisco router vulnerabilities. Notably, the advisory also revealed that the hackers attacked approximately 250 Ukrainian victims, whose identities were not disclosed.
The hacking group, also known as Fancy Bear, has a history of conducting cyber attacks, espionage, and hack-and-leak information operations on behalf of the Russian government. According to the joint advisory, the hackers exploited a remotely exploitable vulnerability that Cisco had patched in 2017 to deploy custom-built malware called “Jaguar Tooth”, designed to infect unpatched routers. The threat actors scanned for internet-facing Cisco routers using default or easy-to-guess SNMP community strings, which allowed them to install the malware. SNMP (Simple Network Management Protocol) enables network administrators to remotely access and configure routers, but can also be misused to obtain sensitive network information. Once installed, the malware exfiltrated data from the router and provided stealthy backdoor access to the device, the agencies stated.
Matt Olney, Director of Threat Intelligence at Cisco Talos, highlighted in a blog post that this campaign exemplifies “a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity”. He expressed deep concern over the increasing rate of high-sophistication attacks on network infrastructure, as observed by Cisco and corroborated by various intelligence organisations’ reports, indicating that state-sponsored actors are targeting routers and firewalls globally. Olney added that China has also been identified as attacking network equipment in multiple campaigns. Earlier this year, Mandiant reported that Chinese-state backed attackers exploited a zero-day vulnerability in Fortinet devices to execute a series of attacks on government organisations.
One2Call customers needn’t worry about the vulnerabilities as we ensure that our customers devices are always up to date with the latest security patches to ensure that you are never exposed to attacks such as these. Our Network Management and Cyber Security Suites highlight vulnerabilities such as these so that they can be patched immediately. If you want to ensure that your business network is secure and correctly managed, reach out to us to find out more. We can also work with businesses to ensure that they are following the best cyber security practices, fill out the form below to download our FREE Cyber Security Self Assessment form, we can also work with your business to ensure that you understand each of the key areas.
Latest News Stories
SentinelOne Achieves 100% Protection and Detection in the 2023 MITRE Engenuity ATT&CK® Evaluations Enterprise.
In today's digitally interconnected world, where businesses are constantly under attack from sophisticated cyber threats, having a robust cybersecurity partner is not just an option but a necessity. In the world of cybersecurity solutions, SentinelOne's Singularity...
Phishing Prevention in your Area: Stay Wary of Cyber Traps
Discover the factors for choosing the perfect MSP partner. Get reliable technology services for your business with expert 24/7 support & detailed asset tracking
Why You Need Business Continuity & a Disaster Recovery Plan
Discover the factors for choosing the perfect MSP partner. Get reliable technology services for your business with expert 24/7 support & detailed asset tracking
Our Customers
Testimonials
Jeanette Addis, Principle Support Ltd
Very approachable, friendly team and fast response time. Thank you.
Pete Richardson, DALP
Always provide very prompt support. Excellent.
Sarah, CPP
Excellent service thank you for doing this out of hours!