By AJ Vicens
(Reuters) -Hackers associated with some of Russia’s most prolific cyber espionage units have over the last year been leveraging a vulnerability in older Cisco software to target thousands of networking devices associated with critical infrastructure IT systems, the FBI and Cisco said on Wednesday.
Hackers working within the Russian Federal Security Service (FSB) Center 16 are extracting “device configuration information en masse, which can later be leveraged as needed based on then-current
strategic goals and interests of the Russian government,” Cisco Talos researchers Sara McBroom and Brandon White wrote in a threat advisory published to the company’s blog.
In a separate advisory, the FBI said that over the last year it had detected the hackers collecting configuration files “for thousands of networking devices associated with U.S. entities across critical infrastructure sectors.”
In some cases the configuration files are modified to enable long-term access for the hackers, who use that access to conduct reconnaissance in targeted networks, with a particular interest in industrial control systems.
The Russian embassy in Washington did not respond to a request for comment. Moscow denies conducting cyber espionage operations.
The hackers are exploiting a seven-year-old vulnerability in Cisco IOS software, targeting unpatched and end-of-life network devices, according to a separate threat advisory published on Wednesday by Cisco Talos, Cisco’s threat intelligence research unit.
Other state-backed hackers are likely conducting similar hacking operations targeting the devices, the Cisco Talos researchers wrote.
Organizations within the telecommunications, higher education and manufacturing sectors across North America, Asia, Africa and Europe have been most targeted, “with victims selected based on their strategic interest to the Russian government,” the researchers said.
The hacking unit linked to the activity has been operating for at least a decade, according to the researchers, and is likely a subgroup within the FSB’s Center 16. In March 2022 the U.S. Department of Justice charged four Russian nationals within the group of illegally targeting the global energy sector between 2012 and 2018.
(Reporting by AJ Vicens in Detroit; Editing by Daniel Wallis )
