CISA issues emergency patching directive for Cisco devices on federal networks
"The Cybersecurity and Infrastructure Security Agency is ordering federal agencies to patch Cisco devices that have been exploited by an advanced hacker group, it said in a Thursday alert. The hacking activity targeting the devices "is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution" on various Cisco Adaptive Security Appliances, CISA said. A "zero-day" refers to a software flaw that's being exploited but has not been previously discovered, giving developers zero days to fix it."
"The software flaws allow hackers to gain control of devices without needing a password. Cyber intruders can also change how a given device's basic software works so they can stay hidden even after the targeted device restarts or updates. Internet routers are frequently targeted by hackers because they bridge internal networks and the public web. These devices often feature remote management interfaces and contain unpatched software vulnerabilities. Those openings offer attackers a pathway to intercept traffic, pilfer credentials or penetrate further into systems."
"The activity has been linked to a hacking entity dubbed ArcaneDoor, Cisco said in its own blog post. The group, also known as Storm-1849, has possible links to China, according to an analysis released last year by cyber threat intelligence firm Censys. The Censys analysis was released following previous ArcaneDoor hacking activity reported early last year."
CISA directed federal agencies to patch Cisco Adaptive Security Appliances exploited via zero-day vulnerabilities that enable unauthenticated remote code execution. The flaws let attackers control devices without passwords and alter device software to remain persistent across restarts and updates. The activity is linked to ArcaneDoor (aka Storm-1849), with Censys reporting possible ties to China and prior campaigns. Internet routers are prime targets because they bridge internal networks and the internet and often expose remote management interfaces with unpatched vulnerabilities. Agencies must apply patches by end of day Friday and submit inventories to CISA by October 3; threat-hunting guidance was provided.
Read at Nextgov.com