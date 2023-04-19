



Following warnings from cyber agencies in the United Kingdom and the United States, Cisco has told corporate users of its routing and switching hardware that a six-year-old vulnerability is being exploited by threat actors linked to nation states such as Russia and China, and has urged them to be vigilant and take action.

Earlier this week, the UK's National Cyber Security Centre (NCSC) and its US counterpart highlighted a campaign of malicious activity exploiting CVE-2017-6742, a Simple Network Management Protocol (SNMP) remote code execution (RCE) vulnerability in Cisco IOS and IOS XE software that affects multiple devices.

The operation is attributed to APT28, an advanced persistent threat (APT) actor backed by Russian intelligence agencies, and targeted Cisco routers at European and US organisations and at more than 250 Ukrainian victims. The routers were attacked with Jaguar Tooth, a non-persistent malware that collects and exfiltrates device information and enables unauthenticated backdoor access.

This malicious activity by APT28 poses a serious threat to organisations, and UK and US partners are working to raise awareness of the tactics and techniques being deployed, said NCSC director of operations Paul Chichester.

Network defenders are strongly encouraged to ensure their routers have the latest security updates and to follow the other mitigation steps in the advisory to prevent compromise.
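The advisory's mitigation steps are not reproduced in this article, but a defender can at least verify how exposed the SNMP service on their own routers is before a patch window. The following Python script is an added example, not code from Cisco, the NCSC or this article: it parses a constructed Cisco IOS-style configuration excerpt and flags SNMP community strings that are default or guessable, read-write, or not filtered by an access-list, and notes when no SNMPv3 group is configured. The sample configuration, the severity labels and the list of default community strings are assumptions made for illustration.

```python
import re
from typing import Dict, List, Set

# Constructed sample of a Cisco IOS running-config excerpt (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
access-list 10 permit 10.0.0.5
!
snmp-server community public RO
snmp-server community s3cr3t-rw RW
snmp-server community monitoring RO 10
snmp-server group NETMON v3 priv
!
line vty 0 4
 transport input ssh
"""

# Assumed list of community strings that ship as defaults or appear in every word list;
# their presence means the agent is effectively open to anyone who can reach UDP/161.
DEFAULT_COMMUNITIES = {"public", "private", "cisco"}

# Cisco IOS syntax: snmp-server community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<mode>RO|RW))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)
NUMBERED_ACL_RE = re.compile(r"^access-list (?P<id>\d+) ")
NAMED_ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (?P<id>\S+)")
V3_GROUP_RE = re.compile(r"^snmp-server group \S+ v3 (?:noauth|auth|priv)")


def defined_acls(config: str) -> Set[str]:
    """Collect the ids/names of every ACL the config actually defines."""
    acls = set()
    for line in config.splitlines():
        m = NUMBERED_ACL_RE.match(line) or NAMED_ACL_RE.match(line)
        if m:
            acls.add(m.group("id"))
    return acls


def audit_snmp(config: str) -> List[Dict[str, str]]:
    """Return one finding per weak SNMP setting found in an IOS-style config."""
    findings: List[Dict[str, str]] = []
    acls = defined_acls(config)
    has_v3 = False
    for line in config.splitlines():
        if V3_GROUP_RE.match(line):
            has_v3 = True
            continue
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        mode = (m.group("mode") or "RO").upper()  # IOS treats an unmarked community as RO
        acl = m.group("acl")
        issues = []
        if name.lower() in DEFAULT_COMMUNITIES:
            issues.append(("high", f"default/guessable community string '{name}'"))
        if mode == "RW":
            issues.append(("high", "read-write community allows remote configuration changes"))
        if acl is None:
            issues.append(("medium", "community has no access-list; any source address may query it"))
        elif acl not in acls:
            issues.append(("medium", f"community references ACL '{acl}' that is not defined"))
        for severity, issue in issues:
            findings.append({"severity": severity, "line": line, "issue": issue})
    if not has_v3:
        findings.append({
            "severity": "info",
            "line": "",
            "issue": "no SNMPv3 group configured; v1/v2c community strings are the only access method",
        })
    return findings


if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f"[{f['severity']:6}] {f['issue']}  <- {f['line']}")
```

Run against the sample, the script reports four findings on the two unfiltered community lines and nothing on the ACL-restricted one; the same check can be pointed at `show running-config` output collected from a fleet to prioritise which devices to patch first.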

The networking kingpin said it was deeply concerned by the rise in these attacks, which its Talos threat intelligence team has been following closely.

Matt Olney, director of threat intelligence and containment at Cisco Talos, said that while network infrastructure of all types is constantly under attack, Cisco hardware is particularly likely to be targeted because it dominates the market. APT28, like other state-sponsored attackers, has been particularly successful in compromising infrastructure running outdated software, he said.

It is reasonable to conclude that a sufficiently capable national intelligence operation would develop and use the ability to compromise the communications infrastructure of its preferred targets, Olney wrote.

We have observed traffic manipulation, traffic copying, configuration hiding, router malware, infrastructure reconnaissance and the active weakening of defences by attackers operating on network equipment. Given the variety of activities we have seen attackers engage in, they demonstrate a very high level of comfort and expertise in operating within compromised network equipment.

Our assessment clearly shows that network infrastructure is a priority target for national intelligence and state-sponsored attackers around the world. Router and switch devices are stable, rarely inspected from a security perspective, often poorly patched, and provide deep network visibility. They are quiet and perfect targets for adversaries seeking access to critical intelligence capabilities and a foothold in preferred networks, he said.

Olney went on to share details of the behaviour of several highly sophisticated actors that Cisco Talos has observed on various platforms, many of them at critical infrastructure facilities.

Because of poor awareness and patching, reliance on outdated equipment, and the need for constant connectivity, we are concerned that too many infrastructure devices are easy prey. The consequences of these problems, he wrote, range from unwitting complicity in criminal activity to events that genuinely affect national security.

Olney acknowledged that there are many operational realities that make it difficult to maintain a truly secure network, but said that, given the risk posed by compromised network hardware, removing these roadblocks is important.

Aging infrastructure is a risk, regardless of the situation. Relying on outdated equipment or using outdated protocols and technologies will ultimately cost organisations, he said.

