Russian state-sponsored APT groups linked to Russia’s FSB are targeting poorly secured networking devices, especially routers, to compromise critical infrastructure worldwide. The attacks use SNMP abuse, proxy infrastructure, and known Cisco vulnerabilities, prompting joint defensive guidance from multiple allied governments. #BerserkBear #EnergeticBear #CrouchingYeti #Dragonfly #GhostBlizzard #StaticTundra #CVE-2008-4128 #CVE-2018-0171 #Cisco
Keypoints
- Russian APT actors are scanning for weakly secured networking devices.
- The campaign targets critical infrastructure across multiple sectors worldwide.
- Attackers use SNMP set-requests to copy device configurations and exfiltrate them.
- The threat actors exploit Cisco vulnerabilities including CVE-2008-4128 and CVE-2018-0171.
- Defenders are advised to disable risky services, harden credentials, and patch network devices.