
US, UK warn of govt hackers using custom malware on Cisco routers
2023-04-18 21:42

The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device.

A joint report released today by the UK National Cyber Security Centre, US Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI details how the APT28 hackers have been exploiting an old SNMP flaw on Cisco IOS routers to deploy a custom malware named 'Jaguar Tooth'.

Jaguar Tooth is malware injected directly into the memory of Cisco routers running older firmware versions.

"Jaguar Tooth is non-persistent malware that targets Cisco IOS routers running firmware: C5350-ISM, Version 12.3(6)," warns the NCSC advisory.

To install the malware, the threat actors scan for public Cisco routers using weak SNMP community strings, such as the commonly used 'public' string.
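
A defender-side check for the exposure described above, as an added example that is not from the advisory or the original article: it audits a saved Cisco IOS configuration for `snmp-server community` lines that use guessable strings, grant read-write access, or lack an access list. The weak-string list and the sample configuration are constructed assumptions.

```python
import re

# Assumption: a short list of default/guessable community strings; extend for your estate.
WEAK_COMMUNITIES = {"public", "private", "cisco", "community", "snmp", "admin"}

# IOS form: snmp-server community <string> [view <name>] [ro|rw] [<acl>]
# (the "ipv6 <acl>" variant is not handled here)
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(?P<name>\S+)"
    r"(?:\s+view\s+\S+)?"
    r"(?:\s+(?P<mode>ro|rw))?"
    r"(?:\s+(?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)

def audit_snmp(config_text):
    """Return one finding per risky 'snmp-server community' line."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        mode = (m.group("mode") or "ro").lower()  # IOS defaults to read-only
        issues = []
        if name.lower() in WEAK_COMMUNITIES:
            issues.append("default or guessable community string")
        if m.group("acl") is None:
            issues.append("no access list restricting SNMP managers")
        if mode == "rw":
            issues.append("read-write access")
        if issues:
            findings.append({"line": lineno, "community": name, "issues": issues})
    return findings

# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """hostname edge-rtr-01
snmp-server community public RO
snmp-server community n0c-Write RW
snmp-server community mon-7f3kQ2 RO 10
access-list 10 permit 192.0.2.10
"""

if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['community']}: {'; '.join(f['issues'])}")
```
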

The malware creates a new process named 'Service Policy Lock' that collects the output from a set of Command Line Interface commands and exfiltrates it using TFTP.

All Cisco admins should upgrade their routers to the latest firmware to mitigate these attacks.


News URL

https://www.bleepingcomputer.com/news/security/us-uk-warn-of-govt-hackers-using-custom-malware-on-cisco-routers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749