The FBI has issued a warning about Russian state-sponsored hackers, linked to the FSB's Center 16, targeting thousands of networking devices within critical US infrastructure sectors over the past year. The hackers are exploiting a vulnerability in certain Cisco devices, potentially modifying configuration files to gain unauthorised access and conduct reconnaissance on networks.
This activity has revealed the hackers' interest in protocols and applications commonly associated with industrial control systems. Cisco's threat intelligence research arm, Talos, has identified a subcluster of this group, named "Static Tundra," targeting a seven-year-old vulnerability in Cisco's Smart Install feature. Although a patch exists, the vulnerability persists in unpatched and end-of-life network devices.
Static Tundra establishes initial access to a network device and then moves further into the target environment, compromising additional devices and establishing long-term access for information gathering. The group has been known to maintain access for years without detection. The ongoing campaign targets telecommunications, higher education, and manufacturing organisations across North America, Asia, Africa, and Europe, selecting victims based on their strategic interest to the Russian government. The aim is believed to be compromising and extracting device configuration information for future strategic goals.
Cisco has urged customers to upgrade to fixed software versions and follow security best practices. The exploited vulnerability, CVE-2018-0171, affects Smart Install client switches and was initially patched in 2018. Other state-sponsored actors are also likely pursuing similar operations, highlighting the need for organisations to remain vigilant.
Article generated by LaRebelionBOT