Static Tundra, assessed as linked to the FSB Center 16 unit, exploits a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) to establish persistent access to target networks. Attacks target telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, with targets chosen for their strategic interest to Russia and a recent focus on Ukraine and its allies. The flaw can cause DoS or allow remote code execution. The vulnerability was likely also used by China-aligned Salt Typhoon against U.S. telecom providers in late 2024. The FBI reported FSB actors exploiting SNMP and end-of-life devices and collecting configuration files from thousands of networking devices.
A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks. Cisco Talos, which disclosed details of the activity, said the attacks single out organizations in telecommunications, higher education and manufacturing sectors across North America, Asia, Africa and Europe.
The vulnerability in question is CVE-2018-0171 (CVSS score: 9.8), a critical flaw in the Smart Install feature of Cisco IOS Software and Cisco IOS XE software that could allow an unauthenticated, remote attacker to trigger a denial-of-service (DoS) condition or execute arbitrary code. It's worth noting that the security defect has also likely been weaponized by the China-aligned Salt Typhoon (aka Operator Panda) actors as part of attacks targeting U.S. telecommunication providers in late 2024.