With Cisco routers affected, the US and UK have jointly issued a warning about the Russian state-sponsored hacking group APT28, also known as Fancy Bear, STRONTIUM, Sednit, and Sofacy. This group has been associated with Russia’s General Staff Main Intelligence Directorate (GRU) and has executed various cyber espionage attacks on European and US interests, using zero-day exploits.
The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the NSA, and the FBI have released a joint report stating that APT28 is deploying a custom malware named ‘Jaguar Tooth’ on Cisco IOS routers. This malware exploits an old SNMP flaw to access the device without authentication, providing the hackers with an opportunity to execute their cyber espionage activities.