Thread regarding Cisco Systems Inc. layoffs

More great publicity

Russian hackers exploit six-year-old Cisco flaw to target US government agencies

https://techcrunch.com/2023/04/19/russian-hackers-exploit-six-year-old-cisco-flaw-to-target-us-government-agencies/

by
| 1615 views | | 7 replies (last ) | Reply
Post ID: @OP+1medXZuq

7 replies (most recent on top)

@ecb+1medXZuq So was the original patch not sufficient? If it was, then it’s simply that these old products weren’t patched.

To OP: Cisco can’t force these organizations to roll out fixes. Do you hold other companies (hello MS and Google/Android) to the same standard if an old vulnerability is actively exploited?

by
| | Reply
Post ID: @1iwz+1medXZuq

No surprise here. That’s the end result If you keep outsourcing security testing and development outside the country, these workers have no sense of urgency, patriotism. They simply don’t care.

by
| | Reply
Post ID: @bwo+1medXZuq

SOLUTION:

  • remove all internet-facing Cisco routers from deployment.
  • FIRE the SVP and anyone below them who introduced this security defect
by
| | Reply
Post ID: @fap+1medXZuq

@ecb+1medXZuq So you’re saying these big companies suck at image testing too?

by
| | Reply
Post ID: @spk+1medXZuq
So you’re telling me this group is exploiting unpatched systems with an exploit from 6 years ago.

The dhcp relay bug in IOS and IOS-XE which allowed for own the box exploits wasn't even discovered until around the 15 year mark, so while patching might have helped here it's still not sufficient.

Customers with revenues that dwarf Cisco's have come to Cisco to lecture you on how they have to test images for periods measured in years and even then they often have to do rollbacks in the first week of deployment when the code fails out. You have made it impossible to upgrade a large scale deployment in anything remotely approaching a reasonable amount of time.

by
| | Reply
Post ID: @ecb+1medXZuq

So you’re telling me this group is exploiting unpatched systems with an exploit from 6 years ago. If these products were really unpatched and publicly accessible then it’s just sheer incompetence. But I would t expect anything less from gov.

by
| | Reply
Post ID: @cgg+1medXZuq

APT28, a state-sponsored hacking group operated by Russian military intelligence, is exploiting a six-year-old vulnerability in Cisco routers to deploy malware and carry out surveillance, according to the U.S. and U.K. governments.

In a joint advisory issued on Tuesday, U.S. cybersecurity agency CISA along with the FBI, the NSA and the U.K.’s National Cyber Security Center detail how the Russia-backed hackers exploited Cisco router vulnerabilities throughout 2021 with the aim of targeting European organizations and U.S. government institutions. The advisory said the hackers also hacked “approximately 250 Ukrainian victims,” which the agencies did not name.

APT28, also known as Fancy Bear, is known for carrying out a range of cyberattacks, espionage and hack-and-leak information operations on behalf of the Russian government.

According to the joint advisory, the hackers exploited a remotely exploitable vulnerability patched by Cisco in 2017 to deploy a custom-built malware dubbed “Jaguar Tooth,” which is designed to infect unpatched routers.

To install the malware, the threat actors scan for internet-facing Cisco routers using a default or easy-to-guess SNMP community string.

SNMP, or Simple Network Management Protocol, allows network administrators to remotely access and configure routers in place of a username or password, but can also be misused to obtain sensitive network information.

Once installed, the malware exfiltrates information from the router and provides stealthy backdoor access to the device, the agencies said.

Matt Olney, director of threat intelligence at Cisco Talos, said in a blog post this campaign is an example of “a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity.”

“Cisco is deeply concerned by an increase in the rate of high-sophistication attacks on network infrastructure — that we have observed and have seen corroborated by numerous reports issued by various intelligence organizations — indicating state-sponsored actors are targeting routers and firewalls globally,” Olney said.

Olney added that in addition to Russia, China has also been spotted attacking network equipment in several campaigns.

Earlier this year, Mandiant reported that Chinese state-backed attackers exploited a zero-day vulnerability in Fortinet devices to carry out a series of attacks on government organizations.

by
| | Reply
Post ID: @bca+1medXZuq

Post a reply

: