The Federal Bureau of Investigation (FBI) has warned that hackers associated with Russia’s Federal Security Service (FSB) are targeting critical infrastructure organizations by exploiting a seven-year-old vulnerability in Cisco networking devices.
In a Public Service Announcement, the FBI says the state-backed hacking group, linked to FSB Center 16 and tracked as Berserk Bear (also known as Blue Kraken, Crouching Yeti, Dragonfly, and Koala Team), is targeting Cisco networking equipment with exploits for CVE-2018-0171 to breach organizations around the world.
CVE-2018-0171 is a critical vulnerability in the Smart Install feature of Cisco IOS and Cisco IOS XE software. Successful exploitation allows unauthenticated, remote attackers to force a reload of vulnerable devices, causing a denial of service, or to execute arbitrary code on them.
“In the past year, the FBI detected the actors collecting configuration files for thousands of networking devices associated with U.S. entities across critical infrastructure sectors. On some vulnerable devices, the actors modified configuration files to enable unauthorized access to those devices,” the FBI said.
“The actors used the unauthorized access to conduct reconnaissance in the victim networks, which typically revealed their interest in protocols and applications associated with industrial control systems.”
The same hacking group has targeted the networks of U.S. state, local, territorial, and tribal (SLTT) government organizations and aviation entities over the past decade.
Admins urged to patch as soon as possible
Cisco, which first observed targeted attacks exploiting CVE-2018-0171 in November 2021, updated its advisory on Wednesday, urging customers to secure their devices against the ongoing attacks.
Cisco Talos, the company’s cybersecurity division, said it tracks this Russian threat group as Static Tundra and that, in this campaign, the group is aggressively exploiting CVE-2018-0171 to compromise devices belonging to telecommunications, higher education, and manufacturing organizations in North America, Asia, Africa, and Europe.
The attackers have also been observed using custom SNMP tooling that lets them maintain persistence on compromised devices and remain undetected for years, as well as the SYNful Knock firmware implant, first documented in 2015 by FireEye.
“The threat extends beyond the Russia operation. Other state-sponsored actors are likely running similar network device compromise campaigns, making widespread patching and security hardening imperative for all organizations,” Cisco Talos said.
“Threat actors will continue to abuse devices that remain unpatched and Smart Install-enabled.”
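Two things follow for defenders from the FBI and Talos reporting above: confirm that Smart Install is actually disabled on every IOS and IOS XE device (Cisco’s long-standing guidance is the `no vstack` command, or, where the feature must stay, an ACL limiting TCP port 4786 to trusted hosts), and diff running configurations against a known-good baseline for the kind of changes the FBI describes, such as new local users and SNMP write communities. The script below is an added example written for this page, not Cisco’s, the FBI’s or Talos’s code. It works offline on pasted device output: the `show vstack config` text, both configuration snippets, hostnames and community strings are constructed samples, and the audit rules are the author’s choice of indicators rather than an official checklist.

```python
"""Offline audit of Cisco IOS / IOS XE text output for Smart Install exposure
and configuration changes that grant unauthorized access.

Added example for this article; all device output below is constructed.
"""
import re

# Constructed samples of `show vstack config` output from a Smart Install
# capable switch. The "SmartInstall enabled/disabled" wording is what the
# command reports; the IP address line is filler.
SHOW_VSTACK_ENABLED = """\
 Role: Client (SmartInstall enabled)
 Vstack Director IP address: 0.0.0.0
"""
SHOW_VSTACK_DISABLED = """\
 Role: Client (SmartInstall disabled)
 Vstack Director IP address: 0.0.0.0
"""

# Constructed known-good baseline and a later capture of the same device
# after the kind of tampering the FBI describes (new user, SNMP RW community,
# HTTP server and Telnet enabled, `no vstack` removed).
BASELINE_CONFIG = """\
hostname core-sw1
no vstack
username netops privilege 15 secret 9 $9$placeholder
snmp-server community monitoring RO 10
line vty 0 4
 transport input ssh
"""
CURRENT_CONFIG = """\
hostname core-sw1
username netops privilege 15 secret 9 $9$placeholder
username svc_backup privilege 15 secret 9 $9$placeholder2
snmp-server community monitoring RO 10
snmp-server community mgmt RW
ip http server
line vty 0 4
 transport input telnet ssh
"""

NO_VSTACK_RE = re.compile(r"^no vstack$", re.M)
USER_RE = re.compile(r"^username (\S+)", re.M)
SNMP_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)\b", re.M)
# Additional access-enabling lines worth flagging when they appear only in
# the current config. Labels are this example's own names.
INSECURE_LINES = {
    "http-server-enabled": re.compile(r"^ip http server$", re.M),
    "telnet-on-vty": re.compile(r"^\s+transport input .*\btelnet\b", re.M),
}


def smart_install_enabled(show_vstack_output: str) -> bool:
    """Return True when `show vstack config` reports Smart Install enabled.

    This is the authoritative check: the absence of `no vstack` in a running
    config only matters on platforms that support Smart Install at all.
    """
    match = re.search(r"SmartInstall (enabled|disabled)", show_vstack_output)
    if match is None:
        raise ValueError("unrecognised `show vstack config` output")
    return match.group(1) == "enabled"


def audit_config(baseline: str, current: str) -> list[str]:
    """Compare a running config against a baseline and return finding codes.

    Findings cover Smart Install not being disabled, local users added since
    the baseline, SNMP communities newly granted RW, and other lines that
    open an access path (see INSECURE_LINES).
    """
    findings: list[str] = []
    if not NO_VSTACK_RE.search(current):
        findings.append("smart-install-not-disabled")
    new_users = set(USER_RE.findall(current)) - set(USER_RE.findall(baseline))
    for user in sorted(new_users):
        findings.append(f"new-local-user:{user}")
    baseline_snmp = dict(SNMP_RE.findall(baseline))  # community -> RO/RW
    for community, access in SNMP_RE.findall(current):
        if access == "RW" and baseline_snmp.get(community) != "RW":
            findings.append(f"new-snmp-rw-community:{community}")
    for label, pattern in INSECURE_LINES.items():
        if pattern.search(current) and not pattern.search(baseline):
            findings.append(label)
    return findings


if __name__ == "__main__":
    print("Smart Install enabled:", smart_install_enabled(SHOW_VSTACK_ENABLED))
    for finding in audit_config(BASELINE_CONFIG, CURRENT_CONFIG):
        print("FINDING:", finding)
```

In practice, feed `audit_config` the text of `show running-config` pulled over SSH (or from your config backup system) and a baseline captured before the exposure window; a clean device yields an empty list. The SNMP check deliberately keys on the community string, since a community whose access level silently changed from RO to RW is as suspicious as a new one, and the Talos report ties this group’s persistence to SNMP.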