Six-Year-Old Cisco Vulnerability Targeted by Cyber Criminals
APT28, a state-sponsored hacking group affiliated with Russian military intelligence, has been exploiting a six-year-old vulnerability in Cisco routers to deploy malware and conduct surveillance, according to a joint advisory issued by the US and UK governments on Tuesday. The US cybersecurity agency CISA, alongside the FBI, NSA, and the UK’s National Cyber Security Centre, detailed how the Russia-backed hackers targeted European organisations and US government institutions throughout 2021 by exploiting Cisco router vulnerabilities. Notably, the advisory also revealed that the hackers attacked approximately 250 Ukrainian victims, whose identities were not disclosed.
The hacking group, also known as Fancy Bear, has a history of conducting cyber attacks, espionage, and hack-and-leak information operations on behalf of the Russian government. According to the joint advisory, the hackers exploited a remotely exploitable vulnerability that Cisco had patched in 2017 to deploy custom-built malware called “Jaguar Tooth”, designed to infect unpatched routers. The threat actors scanned for internet-facing Cisco routers using default or easy-to-guess SNMP community strings, which allowed them to install the malware. SNMP (Simple Network Management Protocol) enables network administrators to remotely access and configure routers, but can also be misused to obtain sensitive network information. Once installed, the malware exfiltrated data from the router and provided stealthy backdoor access to the device, the agencies stated.
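The weakness described above, default or easy-to-guess SNMP community strings on internet-facing routers, can be checked for in a saved router configuration. The following is an added example, not code from the advisory or from Cisco: it audits `snmp-server community` lines in a Cisco IOS configuration, and the weak-string list, the minimum length and the sample configuration are assumptions constructed for illustration.

```python
import re

# Assumption: short list of default / easy-to-guess strings; extend for your estate.
WEAK = {"public", "private", "cisco", "admin", "snmp", "community", "monitor"}
MIN_LEN = 12  # assumed minimum length, not a vendor requirement

# IOS syntax: snmp-server community <string> [view <name>] [ro|rw] [ipv6 <nacl>] [<acl>]
COMMUNITY_RE = re.compile(r"^\s*snmp-server\s+community\s+(\S+)(.*)$", re.I)

def parse_options(tokens):
    """Return (mode, has_acl) from the tokens that follow the community string."""
    mode, has_acl, i = "ro", False, 0      # IOS grants read-only when no mode is given
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok == "view":
            i += 1                         # skip the view name
        elif tok in ("ro", "rw"):
            mode = tok
        elif tok == "ipv6":
            has_acl, i = True, i + 1       # named IPv6 ACL follows
        else:
            has_acl = True                 # trailing token is an ACL number or name
        i += 1
    return mode, has_acl

def audit_snmp(config_text):
    """Map each risky community string to the list of issues found on its line."""
    findings = {}
    for line in config_text.splitlines():
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        community = m.group(1)
        mode, has_acl = parse_options(m.group(2).split())
        issues = []
        if community.lower() in WEAK or len(community) < MIN_LEN:
            issues.append("default or easy-to-guess string")
        if mode == "rw":
            issues.append("read-write access")
        if not has_acl:
            issues.append("no ACL restricting source addresses")
        if issues:
            findings[community] = issues
    return findings

# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """hostname edge-rtr-01
snmp-server community public RO
snmp-server community private RW
snmp-server community Xk9-fq27LmPz-monitoring RO 10
snmp-server community n3tOps-Rw-4f8Qz1 view MGMT RW SNMP-MGMT
snmp-server location rack 4
"""
```

Calling `audit_snmp(SAMPLE_CONFIG)` flags `public`, `private` and the read-write community, and passes the long read-only string that is bound to ACL 10.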
Matt Olney, Director of Threat Intelligence at Cisco Talos, highlighted in a blog post that this campaign exemplifies “a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity”. He expressed deep concern over the increasing rate of high-sophistication attacks on network infrastructure, as observed by Cisco and corroborated by various intelligence organisations’ reports, indicating that state-sponsored actors are targeting routers and firewalls globally. Olney added that China has also been identified as attacking network equipment in multiple campaigns. Earlier this year, Mandiant reported that Chinese state-backed attackers exploited a zero-day vulnerability in Fortinet devices to execute a series of attacks on government organisations.
One2Call customers needn’t worry about these vulnerabilities: we keep our customers’ devices up to date with the latest security patches so that you are never exposed to attacks such as these. Our Network Management and Cyber Security Suites highlight vulnerabilities such as these so that they can be patched immediately. If you want to ensure that your business network is secure and correctly managed, reach out to us to find out more. We can also work with businesses to ensure that they are following the best cyber security practices. Fill out the form below to download our FREE Cyber Security Self Assessment form; we can also work with your business to ensure that you understand each of the key areas.