U.S. and allied cybersecurity agencies warned that Russian FSB Center 16 hackers are targeting weakly configured routers to break into critical infrastructure networks. The advisory also details active exploitation of Cisco IOS, Cisco IOS XE, and Smart Install flaws, while noting a separate operation that disrupted APT28’s FrostArmada router compromise campaign. #FSB #BerserkBear #EnergeticBear #CrouchingYeti #Dragonfly #GhostBlizzard #StaticTundra #CVE-2018-0171 #CiscoIOS #CiscoIOSXE #APT28 #FrostArmada
Keypoints
- Russian state hackers are scanning routers for weak SNMP credentials.
- The attacks aim to steal configuration files and exfiltrate them to attacker-controlled servers.
- Cisco Smart Install and Cisco IOS vulnerabilities have also been used to gain device access.
- Critical infrastructure sectors such as energy, healthcare, and government are at risk.
- Defenders are urged to use SNMPv3, disable Smart Install, block TFTP and SNMP, and replace end-of-life devices.