Russian Hackers Accused of Compromising Cisco Hardware To Gather Intelligence for State Interests Since 2021

A Russian state-sponsored cyber espionage group has been targeting Cisco devices to gather intelligence useful to the Russian government, according to the threat intelligence research team Cisco Talos.

The group, known as Static Tundra, has been operating for more than a decade and is linked to Russia’s Federal Security Service (FSB).

Cisco Talos researchers note that Static Tundra hackers utilize a seven-year-old vulnerability in Cisco IOS software’s Smart Install feature. The hackers specifically target unpatched and end-of-life Cisco network devices at organizations in the telecommunications, higher education and manufacturing sectors across North America, Asia, Africa and Europe.

The researchers note the victims are picked “based on their strategic interest to the Russian government.”

“Since at least 2021, Static Tundra has been observed aggressively exploiting CVE-2018-0171, a known and patched vulnerability in Cisco IOS software and Cisco IOS XE software that could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device…

We assess that Static Tundra’s two primary operational objectives are 1) compromising network devices to gather sensitive device configuration information that can be leveraged to support future operations, and 2) establishing persistent access to network environments to support long-term espionage in alignment with Russian strategic interests.”

Featured Image: Shutterstock/ValDan22