Bleepingcomputer
Russian State Hackers Target Vulnerable Routers Worldwide
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Cybersecurity agencies from 12 countries have issued a joint advisory warning that Russian state hackers from the FSB's Centre 16 are actively targeting vulnerable routers globally. These hackers exploit weak Simple Network Management Protocol (SNMP) passwords and community strings to infiltrate critical infrastructure sectors, including energy, healthcare, and financial services. The advisory highlights the exploitation of CVE-2018-0171, a vulnerability in Cisco devices, which has been under active exploitation since November 2021. The attacks involve scanning for poorly configured routers, issuing commands to copy configurations, and exfiltrating them via Trivial File Transfer Protocol (TFTP) to actor-controlled servers. The UK government has attributed recent cyber-attacks on Poland's energy infrastructure to these actors, emphasizing the potential for widespread disruption. Agencies have urged organizations to upgrade to SNMPv3 and implement stronger security measures to mitigate risks. The advisory follows a series of coordinated cyber operations attributed to Russian state-backed groups targeting critical infrastructure.
Key Points: • Russian state hackers are targeting vulnerable routers globally, focusing on critical infrastructure. • Exploitation of CVE-2018-0171 in Cisco devices has been confirmed, with attacks ongoing since 2021. • Agencies recommend immediate action, including upgrading to SNMPv3 and enhancing router security.