A Russian cyber-espionage group known as Static Tundra, Berserk Bear, or Dragonfly is actively exploiting CVE-2018-0171 in unpatched Cisco devices to target organizations worldwide, including in Ukraine. The group seeks to steal data, establish persistent access, and extend its infiltration of victim networks, raising concerns about long-term cyber-espionage efforts. #StaticTundra #CVE20180171
Keypoints
- The threat group has been exploiting CVE-2018-0171 in end-of-life Cisco devices since 2018.
- Static Tundra targets organizations across sectors and regions, with a focus on strategic interests like Ukraine.
- The group has developed specialized tools, such as the SYNful Knock malware, to compromise and manipulate network devices.
- They typically aim to steal configuration files, conduct reconnaissance, and maintain long-term access to networks.
- Authorities recommend patching vulnerable devices, disabling Smart Install, and using detection scripts to mitigate these threats.
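
To act on the recommendation to disable Smart Install, the following added example (not from the article or from Cisco) triages `show vstack config` output collected from a switch fleet and lists every device where the feature is not provably off. The hostnames, sample outputs and matching patterns are assumptions made for illustration; the patterns follow two commonly documented output forms.

```python
import re

# Assumption: state appears either in parentheses on the "Role:" line or on a
# separate "Oper Mode:" line, depending on the software release.
_ROLE = re.compile(r"^\s*Role:\s*\S+\s*\(SmartInstall (enabled|disabled)\)", re.I | re.M)
_OPER = re.compile(r"^\s*Oper Mode:\s*(Enabled|Disabled)\b", re.I | re.M)
# Explicit disable line as it would appear in a saved running-config.
_NO_VSTACK = re.compile(r"^\s*no vstack\s*$", re.M)


def smart_install_state(show_vstack_output):
    """Return 'enabled', 'disabled' or 'unknown' for one device's output."""
    for pattern in (_ROLE, _OPER):
        match = pattern.search(show_vstack_output)
        if match:
            return match.group(1).lower()
    return "unknown"  # command unsupported or output not recognised


def config_disables_smart_install(running_config):
    """True when the saved config carries an explicit `no vstack` line."""
    return bool(_NO_VSTACK.search(running_config))


def devices_needing_review(outputs_by_host):
    """Fail closed: flag every host whose state is not 'disabled'."""
    return sorted(
        host for host, output in outputs_by_host.items()
        if smart_install_state(output) != "disabled"
    )


# Constructed sample data (hypothetical hostnames and captured output).
SAMPLES = {
    "sw-access-01": " Role: Client (SmartInstall enabled)\n"
                    " Vstack Director IP address: 0.0.0.0\n",
    "sw-access-02": " Capability: Client\n Oper Mode: Disabled\n Role: NA\n",
    "sw-access-03": "% Invalid input detected at '^' marker.\n",
    "sw-access-04": " Role: Client (SmartInstall disabled)\n"
                    " Vstack Director IP address: 0.0.0.0\n",
}

if __name__ == "__main__":
    for host in devices_needing_review(SAMPLES):
        print(f"{host}: Smart Install {smart_install_state(SAMPLES[host])}")
```

Hosts reported as `unknown` are flagged on purpose so that unrecognised output gets a manual check instead of being read as safe.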
Read More: https://therecord.media/russia-cisco-fsb-static-tundra