Hackers associated with some of Russia’s most prolific cyber espionage units have over the last year taken advantage of old Cisco software to attack thousands of network devices associated with critical infrastructure IT systems, the FBI and Cisco said on Wednesday.
The hackers, working at the Russian Federal Security Service’s (FSB) Center 16, are extracting “mass device configuration information that can be used later, as needed, based on strategic goals and current interests of the Russian government,” wrote Cisco Talos researchers Sara McBro and Brandon White in a post on the company’s blog.
In a separate statement, the FBI said that last year, it detected hackers collecting configuration files “for thousands of network devices associated with US entities in critical infrastructure sectors.”
In some cases, the configuration files are modified to give the hackers long-term access, which they use to conduct reconnaissance on specific networks, with a special interest in industrial control systems.
The Russian embassy in Washington did not respond to a request for comment. Moscow denies cyber espionage operations.
The hackers are exploiting a seven-year-old vulnerability in Cisco IOS software, targeting unpatched and end-of-life network devices, according to a separate threat notice published on Wednesday by Cisco Talos, Cisco's threat intelligence research unit.
Other state-backed hackers are probably conducting similar hacking operations targeting the devices, the Cisco Talos researchers wrote.
Organizations in the telecommunications, higher education and manufacturing sectors in North America, Asia, Africa and Europe were the most targeted, “with victims selected based on their strategic interest to the Russian government,” the researchers said.
The hacking unit linked to the activity has been in operation for at least a decade, according to the researchers, and is probably a subgroup of FSB Center 16. In March 2022, the US Department of Justice accused four Russian citizens belonging to the group of illegally attacking the global energy sector between 2012 and 2018.