Russian cyber spy group APT28 backdoors Cisco routers via SNMP

Read Time:42 Second

APT28, the hacking arm of Russia’s GRU military intelligence agency has been backdooring Cisco routers by exploiting a remote code execution vulnerability in the Cisco IOS implementation of the simple network management protocol (SNMP), according to a statement by Western security agencies. The malware deployed on compromised routers patches the router’s authentication mechanism to always accept any password for any local user.

“In 2021, APT28 used infrastructure to masquerade simple network management protocol (SNMP) access into Cisco routers worldwide,” the UK National Cyber Security Centre (NCSC) said in a joint advisory with the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), and the US Federal Bureau of Investigation (FBI). “This included a small number based in Europe, US government institutions, and approximately 250 Ukrainian victims.”

To read this article in full, please click here

Smashing Security podcast #413: Hacking the hackers… with a credit card?

CVE Program Almost Unfunded

Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack

China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses

92% of Mobile Apps Found to Use Insecure Cryptographic Methods

Insurance firm Lemonade warns of breach of thousands of driving license numbers

Scalper Bots Fueling DVSA Driving Test Black Market

Chaos Reins as MITRE Set to Cease CVE and CWE Operations

Chaos Reigns as MITRE Set to Cease CVE and CWE Operations