Ethical Hacking News

FBI Warns of Russian FSB's Exploitation of 7-Year-Old Cisco Bug to Slurp Configs from Critical Infrastructure Networks


The FBI has issued a warning regarding the exploitation of a seven-year-old bug in end-of-life Cisco networking devices by the Russian Federal Security Service (FSB). The vulnerability was fixed in 2018, but the FSB's Center 16 has been actively exploiting it to snoop around in American critical infrastructure networks and collect information on industrial systems. Organizations must take proactive steps to patch vulnerabilities and maintain robust cybersecurity measures to protect themselves against such threats.

  • The FBI has warned of a vulnerability exploitation campaign by Russian Federal Security Service (FSB) Center 16 using a seven-year-old Cisco bug.
  • The FSB's Center 16 is collecting configuration files from thousands of US networking devices and modifying them to gain unauthorized access.
  • The attack exploits SNMP in end-of-life gear that some users never patched, targeting critical infrastructure networks and industrial systems.
  • The victims are selected based on strategic interest to the Russian government, with other state-sponsored actors also prioritizing similar operations.
  • Organizations must patch vulnerabilities, maintain robust cybersecurity measures, and stay informed about emerging threats to protect themselves against such attacks.



    The FBI has issued a warning regarding the exploitation of a seven-year-old bug in end-of-life Cisco networking devices by the Russian Federal Security Service (FSB). The vulnerability, tracked as CVE-2018-0171, was fixed by Cisco in March 2018, but it appears that the FSB's Center 16, also known as Static Tundra, Berserk Bear, and Dragonfly, has been actively exploiting this bug to snoop around in American critical infrastructure networks and collect information on industrial systems.

    According to a statement issued by the FBI, the agency detected the actors collecting configuration files for thousands of networking devices associated with US entities across critical infrastructure sectors. On some vulnerable devices, the actors modified configuration files to enable unauthorized access to those devices. The FBI has been tracking this campaign since last year and has confirmed that it is linked to the FSB's Center 16.

    The FSB's Center 16 is a state-sponsored threat group that has been active for over a decade. It has targeted outdated networking gear that accepts legacy, unencrypted protocols like Cisco Smart Install (SMI) and Simple Network Management Protocol (SNMP). In addition, it has deployed custom malware for some Cisco devices, such as the 2015 SYNful Knock router implant.

    The latest round of intrusions exploits SNMP in end-of-life gear that some users never got around to patching. The FSB's Center 16 has been using this bug to snoop around in critical infrastructure networks and collect information on industrial systems. This is not an isolated incident, as the FSB's Center 16 has been actively targeting telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe.
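
A defender-side check for the two legacy protocols named above, as an added example that is not from the FBI, Talos or the original article: it audits an exported IOS-style running-config for Smart Install left enabled and for SNMP communities that are writable or lack an access list. The sample config, check IDs and function names are constructed for illustration, and the Smart Install check assumes a Smart Install-capable switch, where `no vstack` appears in the config only after the feature has been disabled.

```python
import re

# Constructed sample of an IOS-style running-config; not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-sw-01
snmp-server community public RO
snmp-server community n0c-write RW
snmp-server community mon-7f3a RO 10
access-list 10 permit 192.0.2.10
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)\s*(.*)$", re.I)

def parse_community(line):
    """Return (name, mode, acl) for a community line, or None for other lines."""
    m = COMMUNITY_RE.match(line.strip())
    if not m:
        return None
    tokens = m.group(2).split()
    mode, acl, i = "RO", None, 0          # IOS defaults to read-only
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok == "view":                 # 'view <name>' takes one argument
            i += 2
            continue
        if tok in ("ro", "rw"):
            mode = tok.upper()
        elif tok != "ipv6":               # 'ipv6' only introduces an ACL name
            acl = tokens[i]               # remaining token is the ACL reference
        i += 1
    return m.group(1), mode, acl

def audit_config(text):
    """Return a list of (check_id, detail) findings; community strings are masked."""
    findings = []
    lines = text.splitlines()
    # 'no vstack' is written to the config only once Smart Install is disabled.
    if not any(ln.strip().lower() == "no vstack" for ln in lines):
        findings.append(("SMI_NOT_DISABLED", "no 'no vstack' line present"))
    for name, mode, acl in filter(None, map(parse_community, lines)):
        masked = name[:2] + "***"         # avoid echoing the secret into reports
        if mode == "RW":
            findings.append(("SNMP_RW_COMMUNITY", masked))
        if acl is None:
            findings.append(("SNMP_NO_ACL", masked))
    return findings

if __name__ == "__main__":
    print(*audit_config(SAMPLE_CONFIG), sep="\n")
```

A clean result here says nothing about patch level; the software version on the device still has to be checked against Cisco's advisory for CVE-2018-0171.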

    The victims of these attacks are selected based on their strategic interest to the Russian government. The Talos researchers, Sara McBroom and Brandon White, have assessed that the purpose of this campaign is to compromise and extract device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government.

    However, many other state-sponsored actors also covet the access these devices afford. The Talos team warned that organizations should be aware that other advanced persistent threats (APTs) are likely prioritizing similar operations as well. This highlights the importance of patching vulnerabilities in end-of-life software and maintaining robust cybersecurity measures.

    The FBI's warning serves as a reminder of the ongoing threat landscape, where nation-state actors like the FSB's Center 16 continue to exploit vulnerabilities to compromise critical infrastructure networks. It is essential for organizations to stay vigilant and implement effective cybersecurity measures to protect themselves against such threats.

    In conclusion, the exploitation of a seven-year-old Cisco bug by the Russian FSB's Center 16 highlights the ongoing threat landscape in critical infrastructure networks. Organizations must take proactive steps to patch vulnerabilities, maintain robust cybersecurity measures, and stay informed about emerging threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/FBI-Warns-of-Russian-FSBs-Exploitation-of-7-Year-Old-Cisco-Bug-to-Slurp-Configs-from-Critical-Infrastructure-Networks-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/08/20/russian_fsb_cyberspies_exploiting_cisco_bug/

  • https://nvd.nist.gov/vuln/detail/CVE-2018-0171

  • https://www.cvedetails.com/cve/CVE-2018-0171/


  • Published: Wed Aug 20 14:17:18 2025 by llama3.2 3B Q4_K_M












