Security News > 2023 > April > US, UK warn of govt hackers using custom malware on Cisco routers
The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device.
A joint report released today by the UK National Cyber Security Centre, US Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI details how the APT28 hackers have been exploiting an old SNMP flaw on Cisco IOS routers to deploy a custom malware named 'Jaguar Tooth.
Jaguar Tooth is malware injected directly into the memory of Cisco routers running older firmware versions.
"Jaguar Tooth is non-persistent malware that targets Cisco IOS routers running firmware: C5350-ISM, Version 12.3(6)," warns the NCSC advisory.
To install the malware, the threat actors scan for public Cisco routers using weak SNMP community strings, such as the commonly used 'public' string.
The malware creates a new process named 'Service Policy Lock' that collects the output from the following Command Line Interface commands and exfiltrates it using TFTP:. All Cisco admins should upgrade their routers to the latest firmware to mitigate these attacks.
News URL
Related news
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- Hackers exploit Four-Faith router flaw to open reverse shells (source)
- US sanctions Chinese company linked to Flax Typhoon hackers (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- Treasury hackers also breached US foreign investments review office (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- FBI wipes Chinese PlugX malware from over 4,000 US computers (source)
- FBI deletes Chinese PlugX malware from thousands of US computers (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)