Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Moscow exploiting seven-year-old Cisco flaw, says FBI | Computer Weekly

By Computer Weekly by By Computer Weekly
August 21, 2025
Home Uncategorized
Share on FacebookShare on Twitter


Threat actors linked to the Russian government are falling back on a seven-year-old vulnerability in Cisco equipment that was first uncovered in 2018, according to a new warning from the FBI.

The flaw in question, tracked as CVE-2018-0171, exists in the Smart Install (SMI) feature of Cisco’s Internetwork Operating System (IOS) and IOS XE. It arises through the improper validation of packet data and is exploited by sending a specially-crafted Smart Install message to a vulnerable device on TCP port 4786.

If left unpatched, enables an unauthenticated, remote attacker to achieve a denial of service (DoS) condition, or to conduct remote code execution (RCE).

In the past year, the feds said they had detected threat actors collecting configuration files for thousands of end-of-life network devices vulnerable to CVE-2018-0171, which it said are still in use at multiple critical national infrastructure (CNI) operators in the US.

“On some vulnerable devices, the actors modified configuration files to enable unauthorised access to those devices,” said the FBI in a statement.

“The actors used the unauthorised access to conduct reconnaissance in the victim networks, which revealed their interest in protocols and applications commonly associated with industrial control systems.”

Beserk Bear

The US authorities said the unit conducting the current spate of intrusions was likely Beserk Bear, aka Dragonfly, a cyber unit of Russia’s Federal Security Service, the FSB, which is known to have targeted networking devices – particularly those that accept legacy protocols, and had previously worked on custom malwares that specifically targeted Cisco products, notably a strain referred to as SYNful Knock.

Cisco Talos researchers Sara McBroom and Brandon White said that Cisco had observed Beserk Bear – Static Tundra in its parlance – acting against Cisco products since at least 2015, and urged users to patch against CVE-2018-0171 as a matter of urgency.

“Customers are strongly urged to apply the patch immediately given active and ongoing exploitation of the vulnerability…. Devices that are beyond end of life and cannot support the patch require additional security precautions as detailed in the 2018 security advisory. Unpatched devices with Smart Install enabled will continue to be vulnerable to these and other attacks unless and until customers take action,” they said.

McBroom and White also pointed out that the threat actor’s targeting extends beyond the US and North America, with primary targets including organisations in the higher education, manufacturing and telecoms sectors in Asia, Africa and Europe. Beserk Bear’s victims appear to be selected based on their strategic value to the Russian government’s geopolitical and intelligence goals, they added.

“We assess that Static Tundra’s two primary operational objectives are, one, compromising network devices to gather sensitive device configuration information that can be leveraged to support future operations, and two, establishing persistent access to network environments to support long-term espionage in alignment with Russian strategic interests.

“Because of the large global presence of Cisco network infrastructure and the potential access it affords, the group focuses heavily on the exploitation of these devices and possibly also the development of tools to interact with and persist on these devices,” warned McBroom and White.



Source link

By Computer Weekly

By Computer Weekly

Next Post
Stocks making the biggest moves midday: Coty, Paramount Skydance, Walmart and more

Stocks making the biggest moves midday: Coty, Paramount Skydance, Walmart and more

Recommended.

Subtle Introduces Voicebuds – Reinventing Earbuds for Personal Voice Computing

Subtle Introduces Voicebuds – Reinventing Earbuds for Personal Voice Computing

January 5, 2026
450 MHz LTE: Brezilya için Daha Güçlü, Daha Akıllı Şebeke

450 MHz LTE: Brezilya için Daha Güçlü, Daha Akıllı Şebeke

May 7, 2026

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio