• NSA, FBI, CISA, and 15 allied agencies warn Russia’s FSB Center 16 is exploiting weak/default credentials and old Cisco flaws to compromise critical infrastructure devices
  • Advisory highlights CVE‑2018‑0171 (Smart Install DoS/RCE) and CVE‑2008‑412813 (CSRF in Cisco IOS 12.4) as examples of vulnerabilities still being abused
  • TTPs overlap with Chinese groups but attribution points to Russian actors like Berserk Bear and Energetic Bear; full IoCs and mitigations were published in the joint advisory

Russian state-sponsored threat actors are continuously targeting broken and poorly configured networking devices belonging to critical infrastructure providers all around the world, a joint security advisory published by the US National Security Agency (NSA) and more than a dozen other agencies has warned.

As per the advisory, hackers working for the Russian Federal Security Service (FSB) Center 16 are constantly scanning for routers and other internet-connected devices that can be accessed with “common or default” login credentials.



Source link

Podcast also available on PocketCasts, SoundCloud, Spotify, Google Podcasts, Apple Podcasts, and RSS.