The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device.
A joint report released today by the UK National Cyber Security Centre, US Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI details how the APT28 hackers have been exploiting an old SNMP flaw on Cisco IOS routers to deploy a custom malware named 'Jaguar Tooth.'
Jaguar Tooth is malware injected directly into the memory of Cisco routers running older firmware versions.
"Jaguar Tooth is non-persistent malware that targets Cisco IOS routers running firmware: C5350-ISM, Version 12.3(6)," warns the NCSC advisory.
To install the malware, the threat actors scan for public Cisco routers using weak SNMP community strings, such as the commonly used 'public' string.
The malware creates a new process named 'Service Policy Lock' that collects the output from a set of Command Line Interface commands and exfiltrates it using TFTP.
All Cisco admins should upgrade their routers to the latest firmware to mitigate these attacks.
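Because the initial access described above relies on weak SNMP community strings, one practical check is to audit the router configuration for them. The following Python snippet is an added example, not code from the advisory or from Cisco; it parses `snmp-server community` lines from a constructed IOS running-config fragment and flags well-known strings, read-write access, and communities that are not restricted by an access list.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample of a Cisco IOS running-config (not taken from the advisory).
SAMPLE_CONFIG = """\
hostname edge-rtr-1
snmp-server community public RO
snmp-server community s3cr3tStr1ng RW
snmp-server community n0c-readonly RO 10
access-list 10 permit 192.0.2.10
"""

# Widely known default community strings; 'public' is the one named in the advisory.
WEAK_COMMUNITIES = {"public", "private", "cisco", "admin"}

@dataclass
class Finding:
    community: str
    mode: str
    acl: Optional[str]
    issues: list = field(default_factory=list)

def audit_snmp_communities(config: str) -> list:
    """Parse 'snmp-server community' lines and flag risky settings."""
    findings = []
    for line in config.splitlines():
        tokens = line.strip().split()
        if tokens[:2] != ["snmp-server", "community"] or len(tokens) < 3:
            continue
        community, mode, acl = tokens[2], "RO", None  # IOS defaults to read-only
        rest = iter(tokens[3:])
        for tok in rest:
            if tok.lower() in ("view", "ipv6"):
                # 'view <name>' selects a MIB view; 'ipv6 <nacl>' restricts by IPv6 ACL.
                nxt = next(rest, None)
                if tok.lower() == "ipv6":
                    acl = nxt
            elif tok.upper() in ("RO", "RW"):
                mode = tok.upper()
            else:
                acl = tok  # numbered or named IPv4 access list
        f = Finding(community, mode, acl)
        if community.lower() in WEAK_COMMUNITIES:
            f.issues.append("well-known community string")
        if mode == "RW":
            f.issues.append("read-write access")
        if acl is None:
            f.issues.append("no access-list restricting SNMP sources")
        findings.append(f)
    return findings

if __name__ == "__main__":
    for f in audit_snmp_communities(SAMPLE_CONFIG):
        print(f"{f.community:<16} {f.mode} acl={f.acl} -> {'; '.join(f.issues) or 'OK'}")
```

Feed it the output of `show running-config` from a router; any community flagged here should be replaced and bound to an access list, and SNMPv3 with authentication and privacy is preferable to community strings altogether.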