By Joe Lombardi From Daily Voice
Russian government hackers are raiding aging routers and switches to slip into US critical infrastructure, the FBI is warning.
In an alert issued on Wednesday, Aug. 20, the agency urged organizations to lock down legacy gear before it opens the door to bigger attacks.
An end-of-life (EOL) networking device is hardware, like a router or switch, that a manufacturer no longer supports or patches. Without updates, these devices are easier to compromise and may struggle with newer technologies or heavier data loads.
The FBI reported that cyber actors associated with Center 16 of the Russian Federal Security Service (Federalnaya Sluzhba Bezopasnosti, FSB) have been abusing the Simple Network Management Protocol (SNMP) on exposed devices.
The FSB unit is also exploiting a Cisco Smart Install (SMI) vulnerability, CVE-2018-0171, on devices that were never patched for it, to broadly target entities in the United States and around the world.
Over the past year, the bureau detected the actors collecting configuration files from thousands of networking devices tied to US critical infrastructure sectors.
On some vulnerable devices, the hackers altered configurations to enable unauthorized access, then used that foothold to conduct reconnaissance that showed interest in protocols and applications commonly used in industrial control systems.
The FSB unit, tracked by researchers as “Berserk Bear” and “Dragonfly,” among related clusters, has spent more than a decade compromising network devices.
They particularly focus on devices that still accept legacy, unencrypted management protocols such as SMI and SNMP versions 1 and 2c, which send their community strings across the network in cleartext.
The group has also deployed custom tools to certain Cisco devices, including the “SYNful Knock” malware publicly identified in 2015.
Cisco Talos published additional analysis, tracking the same threat actor under the name "Static Tundra."
Organizations that suspect targeting or compromise should contact a local FBI field office or file a report with the FBI's Internet Crime Complaint Center (IC3).
Before filing, evaluate routers and other network devices for configuration changes or malware and include those details in the IC3 report.
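One way to do that evaluation on a Cisco IOS-style configuration, as an added example that is not part of the article or of the FBI alert: the script below flags the legacy exposures the alert describes (SNMP v1/v2c community strings, Smart Install left enabled, Telnet on the vty lines) and diffs a running config against a known-good baseline to surface unauthorized changes. The config excerpts are constructed for illustration, not real device output, and the severity labels are the author's own choice.

```python
"""Audit Cisco IOS-style configs for legacy management-plane exposure and
drift from a baseline. Added example; configs below are constructed."""
import difflib
import re

# Constructed running-config excerpts (not real device output).
LEGACY_CONFIG = """\
hostname edge-rtr-01
!
snmp-server community public RO
snmp-server community private RW
!
line vty 0 4
 transport input telnet ssh
!
"""

HARDENED_CONFIG = """\
hostname edge-rtr-01
!
no vstack
!
snmp-server group NETMON v3 priv
snmp-server view NETMON-VIEW iso included
!
line vty 0 4
 transport input ssh
!
"""

# Constructed tampering scenario: an RW community added to the hardened box.
TAMPERED_CONFIG = HARDENED_CONFIG.replace(
    "snmp-server group NETMON v3 priv",
    "snmp-server group NETMON v3 priv\nsnmp-server community backd00r RW",
)

# snmp-server community <string> [view <name>] [RO|RW] [acl]
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?:\s+(.*))?$")
TRANSPORT_RE = re.compile(r"^\s+transport input (.+)$")


def _mask(secret):
    """Keep community strings out of the report body."""
    return secret[0] + "*" * (len(secret) - 1)


def audit_config(config):
    """Return a list of findings; an empty list means no legacy exposure found."""
    findings = []
    lines = [ln.rstrip() for ln in config.splitlines()]

    # Smart Install is on by default on many Catalyst switches; 'no vstack' turns it off.
    if "no vstack" not in lines:
        findings.append(
            "HIGH: Smart Install not explicitly disabled ('no vstack' absent); "
            "TCP/4786 is the service hit by CVE-2018-0171")

    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if m:
            # Community strings exist only in SNMP v1/v2c and travel in cleartext.
            community, rest = m.group(1), (m.group(2) or "").split()
            idx = next((i for i, t in enumerate(rest) if t in ("RO", "RW")), None)
            access = rest[idx] if idx is not None else "RO"
            acl = rest[idx + 1:] if idx is not None else []
            sev = "CRITICAL" if access == "RW" else "HIGH"
            note = "" if acl else ", no ACL bound"
            findings.append(
                f"{sev}: SNMP v1/v2c community {_mask(community)} ({access}{note})")
        m = TRANSPORT_RE.match(ln)
        if m and {"telnet", "all"} & set(m.group(1).split()):
            findings.append("HIGH: cleartext management, vty 'transport input' allows telnet")
    return findings


def config_diff(baseline, current):
    """Lines added to / removed from a known-good baseline (tampering check)."""
    added, removed = [], []
    for d in difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                  lineterm="", n=0):
        if d.startswith(("---", "+++", "@@")):
            continue
        if d.startswith("+"):
            added.append(d[1:])
        elif d.startswith("-"):
            removed.append(d[1:])
    return added, removed


if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}")
        for f in audit_config(cfg) or ["clean"]:
            print("  ", f)
    added, removed = config_diff(HARDENED_CONFIG, TAMPERED_CONFIG)
    print("== drift from baseline: added", added, "removed", removed)
```

The audit only flags what is visible in the config; pair it with a port check for TCP/4786 and UDP/161 from outside the management network, since a device can be reachable even when its config looks clean.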