FBI Raises Urgent Warning For Cisco Network Devices On Russian Hacking Threat, Update ASAP
Cisco indicated in its advisory that "Only Smart Install client switches are affected by the vulnerability". The list of affected devices is in Table A-1 here. For a successful attack, hackers exploit a vulnerability tracked as CVE-2018-0171, which was patched way back in 2018. It is worth noting that older devices that remain unpatched are more susceptible to these attacks.
Sometimes, attackers manipulate configurations to gain unauthorized access. This access, in turn, helps them commit all sorts of crime on target end devices, including creating a backdoor and setting up new passwords. Other times, attackers simply install malware that enables them to exfiltrate sensitive information and create a pathway for remote access into a network.
Given the severity of this flaw, the FBI and Cisco have urged all users and IT admins to patch Cisco devices and protect themselves against exploitation. Patching alone is not enough, however; users must also remember to check network logs to identify strange activity.
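One way to look for the configuration changes described above (new accounts, changed passwords, widened remote access) is to compare a known-good saved configuration with the device's current one. The sketch below is an added example, not code from the FBI or Cisco advisories; the sample configs are constructed, the choice of statements to watch is an assumption, and `no vstack` is the IOS command that disables Smart Install.

```python
import re

# Statements to watch in an IOS-style config (this selection is an assumption).
TOP_LEVEL = re.compile(r"(username |enable (secret|password) |snmp-server community )")
LINE_CHILD = re.compile(r"(password |login|transport input |access-class )")

def sensitive_statements(config_text):
    """Collect watched statements; children of 'line ...' blocks keep their parent."""
    found, parent = set(), ""
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue                      # blank line or comment separator
        if not line.startswith(" "):
            parent = line                 # new top-level statement or block header
            if TOP_LEVEL.match(line):
                found.add(line)
        elif parent.startswith("line ") and LINE_CHILD.match(line.strip()):
            found.add(f"{parent} / {line.strip()}")
    return found

def audit(baseline, current):
    """Diff watched statements; a missing 'no vstack' means Smart Install is not confirmed off."""
    base, cur = sensitive_statements(baseline), sensitive_statements(current)
    return {
        "added": sorted(cur - base),
        "removed": sorted(base - cur),
        "smart_install_disabled": any(l.strip() == "no vstack" for l in current.splitlines()),
    }

# Constructed sample configs (hashes are placeholders, not real secrets).
BASELINE = """enable secret 9 $9$constructedBaselineHash
username netadmin privilege 15 secret 9 $9$constructedAdminHash
no vstack
line vty 0 4
 transport input ssh
 login local
"""
CURRENT = """enable secret 9 $9$constructedChangedHash
username netadmin privilege 15 secret 9 $9$constructedAdminHash
username support privilege 15 secret 9 $9$constructedNewHash
line vty 0 4
 transport input telnet ssh
 login local
"""

if __name__ == "__main__":
    for key, value in audit(BASELINE, CURRENT).items():
        print(key, value)
```

Any entry under `added` or `removed` that does not match an approved change deserves investigation, as does a switch where Smart Install is not confirmed disabled.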
The Federal Security Service (FSB), an intelligence and security agency of the Russian government, has been linked to these attacks. The FBI has revealed that the FSB unit that masterminded these attacks is Center 16, which security researchers have also identified by several nicknames, including "Berserk Bear" and "Dragonfly".
If you have already been exploited or suspect you have been attacked, the FBI has recommended that you report it to your local FBI field office.