U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage (Security News, April 2023)
U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against targets.
The activity has been attributed to a threat actor tracked as APT28, which is also known as Fancy Bear, Forest Blizzard, FROZENLAKE, and Sofacy, and is affiliated with the Russian General Staff Main Intelligence Directorate.
CVE-2017-6742 is part of a set of remote code execution flaws that stem from a buffer overflow condition in the Simple Network Management Protocol subsystem in Cisco IOS and IOS XE Software.
In the attacks observed by the agencies, the threat actor weaponized the vulnerability to deploy non-persistent malware dubbed Jaguar Tooth on Cisco routers; the implant is capable of gathering device information and enabling unauthenticated backdoor access.
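Because the flaw sits behind SNMP authentication, the community strings and source restrictions configured on a router decide who can reach the vulnerable subsystem at all. The audit script below is an added example, not code from the article or from Cisco: it parses a constructed IOS running-config excerpt (the sample config, community names and ACL names are assumptions) and flags v1/v2c communities that are well-known, read-write, unrestricted by an ACL, or bound to an ACL the config never defines.

```python
import re

# Constructed sample of a Cisco IOS running-config excerpt (an assumption, not
# taken from the article), covering the cases the audit is meant to catch.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community s3cr3tRW RW 10
snmp-server community legacy RO 20
snmp-server community monitoring view restricted RO MGMT-ONLY
access-list 10 permit 192.0.2.10
ip access-list standard MGMT-ONLY
 permit 192.0.2.0 0.0.0.255
"""

WELL_KNOWN = {"public", "private"}

# IOS syntax: snmp-server community <string> [view <name>] RO|RW [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?:\s+view\s+\S+)?\s+(RO|RW)(?:\s+(\S+))?\s*$",
    re.IGNORECASE | re.MULTILINE,
)
# Numbered ("access-list 10 ...") and named ("ip access-list standard X") ACLs
ACL_DEF_RE = re.compile(
    r"^(?:access-list (\S+)\s|ip access-list (?:standard|extended) (\S+))",
    re.MULTILINE,
)


def defined_acls(config: str) -> set[str]:
    """Names/numbers of every ACL the config actually defines."""
    return {a or b for a, b in ACL_DEF_RE.findall(config)}


def audit_snmp(config: str) -> dict[str, list[str]]:
    """Per v1/v2c community string, list the weaknesses found (empty = ok)."""
    acls = defined_acls(config)
    report: dict[str, list[str]] = {}
    for community, mode, acl in COMMUNITY_RE.findall(config):
        findings = []
        if community.lower() in WELL_KNOWN:
            findings.append("well-known community string")
        if mode.upper() == "RW":
            findings.append("read-write access")
        if not acl:  # any source address may talk to the SNMP subsystem
            findings.append("no source ACL")
        elif acl not in acls:  # ACL named but never defined: no filtering
            findings.append(f"ACL {acl} referenced but not defined")
        report[community] = findings
    return report
```

Running `audit_snmp(SAMPLE_CONFIG)` reports two problems for `public`, one each for `s3cr3tRW` and `legacy`, and none for `monitoring`; in practice, migrating polling to SNMPv3 removes the v1/v2c communities altogether.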
Cisco Talos, in a coordinated advisory, said the attacks are part of a broader campaign against aging networking appliances and software from a variety of vendors to "Advance espionage objectives or pre-position for future destructive activity."
The alert comes months after the U.S. government sounded the alarm about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020.
News URL: https://thehackernews.com/2023/04/us-and-uk-warn-of-russian-hackers.html
Related news
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
- German defense chat overheard by Russian eavesdroppers on Cisco's WebEx
- Microsoft says Russian hackers breached its systems, accessed source code
- Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
- Microsoft: Russian hackers accessed internal systems, code repositories
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware
- Russian hackers target German political parties with WineLoader malware
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties
- Russian Sandworm hackers pose as hacktivists in water utility breaches
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2017-07-17 | CVE-2017-6742 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. | 9.0