Background on the Threat Actors
Russian cyber espionage units, known for their prolific activities, have exploited a vulnerability in Cisco software for over a year, according to the FBI and Cisco.
Key Players Involved
- Cisco: A leading global technology company providing networking hardware, software, and telecommunications equipment.
- FBI: The Federal Bureau of Investigation, the primary law enforcement agency for investigating cybercrimes in the United States.
- FSB (Federal Security Service of Russia): The principal security agency of the Russian Federation, responsible for internal security matters.
The Nature of the Cyberattacks
Hackers affiliated with Russian cyber espionage units have been exploiting a seven-year-old vulnerability in Cisco’s IOS software to target thousands of unpatched network devices associated with critical infrastructure systems across various sectors in the U.S.
Methods and Targets
- Exploiting Vulnerability: The hackers are taking advantage of a seven-year-old flaw in Cisco’s IOS software that remains unpatched on many deployed devices.
- Target Devices: The attacks focus on end-of-life network devices that no longer receive security updates.
- Critical Infrastructure Sectors: The cyber espionage efforts target essential sectors such as energy, finance, healthcare, and transportation.
Activities of the Hackers
According to Cisco investigators Sara McBroom and Brandon White, the hackers from Russia’s FSB Center 16 are mass-extracting device configuration information, which can later be leveraged based on Russia’s strategic goals and interests.
FBI’s Observations
The FBI has detected that cybercriminals have been collecting configuration files for thousands of network devices associated with U.S. entities across all critical infrastructure sectors over the past year.
Access and Reconnaissance
In some cases, the configuration files have been altered to grant long-term access for hackers. This access enables them to conduct reconnaissance activities on selected networks, with a particular interest in industrial control systems.
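As an added defender-side illustration, not from the article, Cisco or the FBI, the check below compares a known-good IOS configuration against a later capture and flags the kinds of edits that grant persistent or widened access (new local accounts, writable SNMP communities, telnet re-enabled on VTY lines). Both configurations, the hostnames, account names and community strings are constructed placeholders.

```python
import re
from difflib import unified_diff

# Constructed sample: a known-good baseline and a later running-config capture.
BASELINE = """\
hostname edge-rtr1
username netops privilege 15 secret 5 $1$placeholder
snmp-server community ReadOnlyPlaceholder RO
line vty 0 4
 transport input ssh
"""

CURRENT = """\
hostname edge-rtr1
username netops privilege 15 secret 5 $1$placeholder
username svc-backup privilege 15 secret 5 $1$placeholder2
snmp-server community ReadOnlyPlaceholder RO
snmp-server community WritablePlaceholder RW
line vty 0 4
 transport input ssh telnet
"""

# Added lines matching these patterns are worth an analyst's attention (assumed set).
SUSPECT = {
    "new local account": re.compile(r"^username \S+"),
    "SNMP write community": re.compile(r"^snmp-server community \S+ RW"),
    "telnet enabled on vty": re.compile(r"^\s*transport input .*telnet"),
    "permissive ACL entry": re.compile(r"^\s*permit ip any any"),
}


def config_diff(baseline: str, current: str):
    """Return (added, removed) config lines between two captures."""
    added, removed = [], []
    for line in unified_diff(baseline.splitlines(), current.splitlines(), lineterm="", n=0):
        if line.startswith(("+++", "---", "@@")):
            continue  # skip diff headers and hunk markers
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return added, removed


def flag_changes(baseline: str, current: str):
    """Map each suspicious added line to the reason it was flagged."""
    added, _ = config_diff(baseline, current)
    return [(reason, line.strip()) for line in added
            for reason, pat in SUSPECT.items() if pat.search(line)]


if __name__ == "__main__":
    for reason, line in flag_changes(BASELINE, CURRENT):
        print(f"{reason}: {line}")
```

In practice the baseline comes from a config-management store and the capture from a scheduled `show running-config` pull, so unexpected differences surface without relying on the device itself to report them.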
Russian Government’s Denial
The Russian embassy in Washington did not respond to requests for comment. Moscow has consistently denied engaging in cyber espionage operations.
Key Questions and Answers
- Who are the hackers? Russian cyber espionage units, specifically those working from Center 16 of the Federal Security Service (FSB).
- What vulnerability are they exploiting? A seven-year-old flaw in Cisco’s IOS software.
- Which sectors are targeted? Critical infrastructure sectors, including energy, finance, healthcare, and transportation.
- What information are they collecting? Configuration files of unpatched network devices associated with U.S. entities.
- What are their objectives? To gather strategic information that can be used according to Russia’s interests and goals.