The FBI warns that Russian FSB cyber actors are exploiting vulnerabilities in Cisco devices to target critical infrastructure globally. These actors have been collecting and modifying device configurations to gain unauthorized access and conduct reconnaissance. #BerserkBear #Dragonfly #SYNfulKnock #CiscoSmartInstall
Key points
- The Russian FSB cyber actors exploit unpatched Cisco devices using CVE-2018-0171 to access networks worldwide.
- They collect configuration files and modify them to enable unauthorized access to network devices.
- The threat actors are known by multiple names, including “Berserk Bear” and “Dragonfly.”
- Legacy protocols like SMI and SNMP v1/v2 are primarily targeted due to their vulnerabilities.
- Organizations are urged to evaluate and report any suspected compromises to the FBI or IC3 immediately.
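To check saved device configurations for the legacy protocols named above, the following added example (not part of the FBI advisory or this summary) audits a Cisco IOS-style running-config for Smart Install and SNMP v1/v2c settings. The sample config is constructed, and the function name `audit_config` is hypothetical. It assumes the standard IOS commands `no vstack` and `snmp-server community`; a missing `no vstack` line is only an indicator to confirm on the device, since not every platform supports Smart Install.

```python
import re

# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-sw-01
!
snmp-server community public RO
snmp-server community netops-rw RW 10
snmp-server group ADMINS v3 priv
snmp-server host 192.0.2.10 version 2c public
!
line vty 0 4
 transport input ssh
"""

# "snmp-server community <string> [view <name>] [RO|RW] ..." enables SNMP v1/v2c.
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?:\s+view \S+)?(?:\s+(RO|RW))?", re.I)
# Trap/inform receivers pinned to SNMP version 1 or 2c.
HOST_V12_RE = re.compile(r"^snmp-server host \S+.*\bversion (1|2c)\b", re.I)


def audit_config(text):
    """Return (severity, finding) tuples for one IOS-style configuration."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    # Assumption: Smart Install counts as disabled only if "no vstack" is present.
    if "no vstack" not in lines:
        findings.append(
            ("high", "Smart Install not explicitly disabled (no 'no vstack' line)"))
    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if m:
            # IOS treats a community with no keyword as read-only.
            access = (m.group(2) or "RO").upper()
            sev = "high" if access == "RW" else "medium"
            # The community string itself is never echoed into the report.
            findings.append(
                (sev, f"SNMP v1/v2c community configured ({access}); string redacted"))
            continue
        m = HOST_V12_RE.match(ln)
        if m:
            findings.append(("medium", f"SNMP trap host uses version {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit_config(SAMPLE_CONFIG):
        print(f"[{sev}] {msg}")
```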
Read More: https://www.ic3.gov/PSA/2025/PSA250820