Legacy Devices Worldwide Under Siege From Hackers, FBI Warns

The FBI is warning that hackers from the Russian government are breaking into US critical infrastructure by plundering outdated routers and switches.

In an alert released on Wednesday, August 20, the agency is advising firms to shut down legacy equipment before it creates the possibility of more serious attacks.

Hardware, such as switches or routers, that the manufacturer no longer maintains or patches is known as an end-of-life (EOL) networking device. Without updates, these devices may not support newer protocols or larger traffic loads, and known vulnerabilities in them stay unfixed, which makes them easier to compromise.

According to the FBI, the Simple Network Management Protocol (SNMP) has been exploited by cyber criminals connected to Center 16 of the Russian Federal Security Service (Federalnaya Sluzhba Bezopasnosti, FSB).

Additionally, the FSB is exploiting CVE-2018-0171, a Cisco Smart Install (SMI) vulnerability that remains unpatched on many devices, to target organizations both domestically and internationally.

The bureau discovered the perpetrators gathering configuration files from thousands of networking devices connected to US critical infrastructure sectors during the course of the previous year.

The hackers changed settings on some susceptible devices to allow unauthorized access, then used that foothold to carry out reconnaissance that showed an interest in applications and protocols frequently found in industrial control systems.

The FSB unit has been compromising network devices for over ten years; researchers track it under names including Berserk Bear and Dragonfly, along with other comparable clusters.

They concentrate especially on devices that use older, unencrypted protocols such as SNMP versions 1 and 2 and SMI.
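As an added example (not from the FBI alert or any Cisco tooling), the following script audits a Cisco IOS-style running-config for the two exposures named here: SNMP v1/v2c community strings, which travel in cleartext, and a Smart Install client that has not been disabled. The sample config and the `audit_ios_config` helper are constructed for illustration.

```python
import re

# Constructed sample running-config fragment, not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community s3cret RW 10
snmp-server group NETOPS v3 priv
"""

# Well-known default community strings that should never survive deployment.
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_ios_config(config: str) -> list[tuple[str, str]]:
    """Return (severity, message) findings for an IOS-style config text.

    Hypothetical helper: flags SNMP v1/v2c communities (cleartext on the
    wire), default community names, and a Smart Install client that is
    not explicitly disabled with 'no vstack'.
    """
    findings: list[tuple[str, str]] = []
    vstack_disabled = False
    for raw in config.splitlines():
        line = raw.strip()
        # 'snmp-server community <name> [RO|RW] [acl]' defines a v1/v2c community.
        m = re.match(r"snmp-server community (\S+)(?:\s+(RO|RW))?", line, re.I)
        if m:
            name, mode = m.group(1), (m.group(2) or "RO").upper()
            sev = "HIGH" if mode == "RW" else "MEDIUM"
            findings.append((sev, f"SNMP v1/v2c community '{name}' ({mode}) is sent "
                                  "in cleartext; migrate to SNMPv3 with auth and priv"))
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(("HIGH", f"default community string '{name}' in use"))
        elif line == "no vstack":
            vstack_disabled = True
    if not vstack_disabled:
        findings.append(("HIGH", "Smart Install client not disabled; add 'no vstack' "
                                 "(CVE-2018-0171 exposure on unpatched devices)"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_ios_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Run it against `show running-config` output saved to a file; an empty result for the SNMP checks plus a present `no vstack` line means the device is not exposed in the ways this alert describes.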

Additionally, the group has installed customized tools on specific Cisco routers, such as the SYNful Knock implant that was made public in 2015.

Further analysis was released by Cisco Talos, which named Static Tundra as the threat actor.

Organizations should report suspected targeting or compromise to the FBI’s Internet Crime Complaint Center (IC3) or get in touch with a local FBI field office.

Before filing, check network equipment such as routers for malware or configuration changes, and include the results in the IC3 report.