Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure
(www.ic3.gov)
from Pro@programming.dev to cybersecurity@sh.itjust.works on 20 Aug 14:43
https://programming.dev/post/36018994
cross-posted from: programming.dev/post/36017215
- Static Tundra is a Russian state-sponsored cyber espionage group linked to the FSB’s Center 16 unit that has been operating for over a decade, specializing in compromising network devices for long-term intelligence gathering operations.
- The group actively exploits a seven-year-old vulnerability (CVE-2018-0171) in the Smart Install feature of Cisco IOS software, which was patched when the vulnerability was published, targeting unpatched and end-of-life network devices to steal configuration data and establish persistent access.
- Primary targets include organizations in telecommunications, higher education and manufacturing sectors across North America, Asia, Africa and Europe, with victims selected based on their strategic interest to the Russian government.
- Static Tundra employs sophisticated persistence techniques including the historic SYNful Knock firmware implant (first reported in 2015) and bespoke SNMP tooling to maintain undetected access for multiple years.
- The threat extends beyond Russia’s operations — other state-sponsored actors are likely conducting similar network device compromise campaigns, making comprehensive patching and security hardening critical for all organizations.
- Threat actors will continue to abuse devices which remain unpatched and have Smart Install enabled.
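A defender-side check for the two conditions the summary calls out (Smart Install left enabled, and SNMP access an intruder could abuse), as an added example that is not part of the original post or the advisory. It audits a Cisco IOS running-config as text; `SAMPLE_CONFIG` is a constructed excerpt and `audit_ios_config` is a name chosen here. It relies on the IOS convention that Smart Install is disabled with the global `no vstack` command, so a config without that line is treated as exposed.

```python
import re
from typing import Dict, List

# Constructed sample Cisco IOS running-config excerpt (not from the advisory).
SAMPLE_CONFIG = """\
version 15.2
hostname edge-sw01
!
snmp-server community public RO
snmp-server community s3cret RW
!
vstack
!
end
"""

# Well-known default community strings that should never be in production.
DEFAULT_COMMUNITIES = {"public", "private"}

SNMP_RE = re.compile(r"snmp-server community (\S+) (RO|RW)\b", re.IGNORECASE)


def audit_ios_config(config: str) -> Dict[str, List[str]]:
    """Flag settings the advisory ties to Static Tundra activity:
    Smart Install still enabled, and SNMP community strings an actor could abuse."""
    findings: Dict[str, List[str]] = {"smart_install": [], "snmp": []}
    lines = [ln.strip() for ln in config.splitlines()]

    # Smart Install is switched off with 'no vstack'; if that line is absent the
    # service is assumed enabled (it is on by default on many older IOS releases).
    if "no vstack" not in lines:
        findings["smart_install"].append(
            "Smart Install not disabled: add 'no vstack', patch, or retire the device")

    for ln in lines:
        m = SNMP_RE.match(ln)
        if not m:
            continue
        community, mode = m.group(1), m.group(2).upper()
        if community.lower() in DEFAULT_COMMUNITIES:
            findings["snmp"].append(f"default community string '{community}' ({mode})")
        if mode == "RW":
            findings["snmp"].append(
                f"read-write community '{community}' permits config changes over SNMP")
    return findings


if __name__ == "__main__":
    for area, items in audit_ios_config(SAMPLE_CONFIG).items():
        for item in items:
            print(f"[{area}] {item}")
```

Feed it the output of `show running-config` from each device; an empty result for both keys means neither condition was found in that config.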