US, UK warn of govt hackers using custom malware on Cisco routers (Security News, April 2023)

The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device.
A joint report released today by the UK National Cyber Security Centre, US Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI details how the APT28 hackers have been exploiting an old SNMP flaw on Cisco IOS routers to deploy a custom malware named 'Jaguar Tooth'.
Jaguar Tooth is malware injected directly into the memory of Cisco routers running older firmware versions.
"Jaguar Tooth is non-persistent malware that targets Cisco IOS routers running firmware: C5350-ISM, Version 12.3(6)," warns the NCSC advisory.
To install the malware, the threat actors scan for public Cisco routers using weak SNMP community strings, such as the commonly used 'public' string.
The malware creates a new process named 'Service Policy Lock' that collects the output from the following Command Line Interface commands and exfiltrates it using TFTP:
All Cisco admins should upgrade their routers to the latest firmware to mitigate these attacks.
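As an added illustration (not part of the article or the joint advisory), a small audit of a Cisco IOS running-config that flags the SNMP exposure described above: default or guessable community strings such as 'public', read-write communities, and communities with no source access list. The config excerpt is constructed for the example.

```python
import re
from typing import Dict, List

# Constructed Cisco IOS running-config excerpt (not taken from any real device).
SAMPLE_CONFIG = """\
version 12.3
hostname edge-rtr-1
snmp-server community public RO
snmp-server community private RW
snmp-server community s3cureString RO 10
snmp-server group netmon v3 priv
access-list 10 permit 192.0.2.10
"""

# Community strings that ship as defaults or are guessed first by mass scanners.
WEAK_COMMUNITIES = {"public", "private", "cisco", "admin", "snmp"}

# snmp-server community <string> [view <name>] [RO|RW] [access-list]
LINE_RE = re.compile(r"^snmp-server community (\S+)(?:\s+(RO|RW))?(?:\s+(\S+))?$", re.IGNORECASE)


def audit_snmp(config: str) -> List[Dict]:
    """Return one finding per SNMPv1/v2c community line that is risky."""
    findings = []
    for raw in config.splitlines():
        # Drop an optional 'view <name>' clause so the regex sees mode and ACL directly.
        line = re.sub(r"\s+view\s+\S+", "", raw.strip())
        m = LINE_RE.match(line)
        if not m:
            continue
        community = m.group(1)
        mode = (m.group(2) or "RO").upper()  # IOS defaults to read-only when omitted
        acl = m.group(3)
        reasons = []
        if community.lower() in WEAK_COMMUNITIES:
            reasons.append("default/guessable community string")
        if mode == "RW":
            reasons.append("read-write access")
        if acl is None:
            reasons.append("no access list restricting SNMP sources")
        if reasons:
            findings.append({"community": community, "mode": mode, "acl": acl, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f"{f['community']} ({f['mode']}): " + "; ".join(f["reasons"]))
```

Lines using SNMPv3 groups are ignored on purpose; only v1/v2c community strings, which travel in cleartext, are audited.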