The FBI and Cisco Talos attributed a global intrusion campaign to Russian FSB Center 16 (Static Tundra/Berserk Bear/Dragonfly). The actors exploited legacy unencrypted protocols, notably Cisco Smart Install (SMI) and SNMP, on end-of-life Cisco IOS and IOS XE devices. The long-fixed vulnerability CVE-2018-0171 remained unpatched on many systems, allowing collection of thousands of networking device configuration files and, in some cases, modification to enable unauthorized access. The campaign targeted telecommunications, higher education, and manufacturing across North America, Asia, Africa, and Europe. Cisco urges immediate upgrades to fixed software versions and adherence to security best practices.
In the past year, the FBI detected the actors collecting configuration files for thousands of networking devices associated with US entities across critical infrastructure sectors,
On some vulnerable devices, the actors modified configuration files to enable unauthorized access to those devices.
We strongly urge customers to immediately upgrade to fixed software versions as outlined in the security advisory and follow our published security best practices,