Cisco Talos reveals "Static Tundra," a Russian state-sponsored threat group exploiting outdated Cisco devices for espionage. The group, linked to the FSB and Energetic Bear, conducts long-term cyber espionage campaigns globally, particularly targeting strategic sectors. #StaticTundra #EnergeticBear #Fsb #CiscoVulnerabilities
Key points
- Static Tundra is a Russian threat actor focused on exploiting unpatched Cisco devices for espionage.
- The group primarily exploits CVE-2018-0171, a Smart Install vulnerability in Cisco IOS software.
- They use SYNful Knock implants and TCP SYN packets for stealthy, persistent access to networks.
- Long-term campaigns have targeted telecommunications, manufacturing, and higher education sectors worldwide.
- Methods include establishing GRE tunnels, NetFlow exfiltration, SNMP manipulation, and FTP/TFTP transfers for data extraction.