
FBI Warns of Russian Government Hackers Attacking Networking Devices of Critical Infrastructure

The Federal Bureau of Investigation has issued a security alert warning that Russian Federal Security Service (FSB) Center 16 is conducting cyber operations against networking infrastructure in the United States and globally.

The actors are exploiting vulnerable networking devices to gain unauthorized access to critical infrastructure networks, a deliberate focus on the routers and switches that sit between essential services and the internet and are rarely monitored as closely as servers and endpoints.

The campaign leverages CVE-2018-0171, a vulnerability in the Smart Install (SMI) feature of Cisco IOS and IOS XE software that Cisco patched in 2018 but which remains exploitable on devices that never received the fix, alongside weaknesses in Simple Network Management Protocol (SNMP) configurations.

Both vectors are reachable over the network: Smart Install listens on TCP port 4786 and, where exposed, can be abused to pull or replace a device's configuration, and a weak SNMP read-write community string likewise lets the running configuration be copied off the device. On end-of-life devices that no longer receive security patches, these weaknesses give the actors a persistent entry point into the targeted network.
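The practical first step for a defender is to check whether their own Cisco devices expose either vector. The script below is an added example written for this article, not code from the FBI alert, Cisco or Cisco Talos: it audits a Cisco IOS-style running configuration for Smart Install left enabled (on many IOS switches the feature is on unless the configuration contains an explicit "no vstack"), for SNMPv1/v2c community strings that are default, read-write or not restricted by an ACL, and for Telnet on the VTY lines. The sample configuration and the list of default community strings are constructed for the example.

```python
import re

# Constructed sample running-config (editor's sample data, not taken from any
# real device or from the FBI alert). It deliberately contains the weak
# settings the checks below look for.
SAMPLE_CONFIG = """\
hostname edge-sw01
!
snmp-server community public RO
snmp-server community s3cret RW
snmp-server community ops-ro RO 10
access-list 10 permit 10.0.0.0 0.255.255.255
!
line vty 0 4
 transport input telnet ssh
!
end
"""

# Community strings attackers try first (editor's list, extend as needed).
DEFAULT_COMMUNITIES = {"public", "private", "cisco"}

# snmp-server community <string> [view <name>] [RO|RW] [<acl>]
SNMP_COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?$"
)


def audit_config(config_text):
    """Return (severity, message) findings for a Cisco IOS-style running config."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []

    # Smart Install (TCP/4786) stays enabled on many IOS switches unless the
    # configuration explicitly contains "no vstack"; absence of that line is
    # the signal. Confirm on the device with "show vstack config".
    if "no vstack" not in lines:
        findings.append(("high", "Smart Install not explicitly disabled; add 'no vstack'"))

    community_lines = 0
    for ln in lines:
        m = SNMP_COMMUNITY_RE.match(ln)
        if not m:
            continue
        community_lines += 1
        community, mode, acl = m.group(1), m.group(2) or "RO", m.group(3)
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append(("high", f"default SNMP community string '{community}'"))
        if mode == "RW":
            # A read-write community is enough to copy the running config off
            # the device (CISCO-CONFIG-COPY-MIB) or to push a new one.
            findings.append(("high", f"read-write SNMP community '{community}'"))
        if acl is None:
            findings.append(("medium", f"SNMP community '{community}' not restricted by an ACL"))
    if community_lines:
        findings.append(("medium", "SNMPv1/v2c communities in use; migrate to SNMPv3 authPriv"))

    if any(ln.startswith("transport input") and "telnet" in ln for ln in lines):
        findings.append(("medium", "Telnet accepted on VTY lines; use 'transport input ssh'"))

    return findings


if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Run against the sample it reports seven findings, three of them high; a configuration with "no vstack", an SNMPv3 group instead of community strings and SSH-only VTY lines produces none. The "no vstack" check is a heuristic over the text: on the device itself, "show vstack config" is the authoritative answer, and the offline check cannot tell whether a platform supports Smart Install at all.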

FBI analysts identified that the actors have collected configuration files from thousands of networking devices belonging to US entities across multiple critical infrastructure sectors.

A configuration file exposes a device's addressing, routing, access lists, credential hashes and management settings, so harvesting them at this scale amounts to mapping network architectures and picking out high-value targets, including industrial control systems.

FSB Center 16 is tracked under several aliases, including "Berserk Bear" and "Dragonfly", and Cisco Talos researchers track the same activity as "Static Tundra".

The group has been active for more than a decade and consistently targets devices that still accept legacy unencrypted protocols.

Configuration File Manipulation and Persistence Mechanisms

The persistence method centers on modifying device configuration files, which lets the actors retain access long after the initial exploit.

Once initial access is achieved through CVE-2018-0171, the actors modify the device configuration to add their own means of access.

The changes are made to look like ordinary network configuration, so they are hard to spot with standard security monitoring; comparing the running configuration against a known-good baseline is the practical way to surface them.

The actors show particular interest in protocols and applications associated with industrial control systems, which points to deliberate targeting of operational technology environments.

Access maintained through configuration changes lets the group conduct extended reconnaissance while remaining unnoticed on victim networks.

From that position the attackers can observe traffic patterns, identify critical system dependencies, and pre-position for future disruptive operations against essential infrastructure services.
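Because the article does not detail which configuration lines the actors add, the defensive check has to be generic: diff the running configuration against an archived known-good copy and flag the kinds of additions and removals a backdoor needs. The script below is an added example written for this article, not code from the FBI, Cisco or Cisco Talos. The baseline and current configurations are constructed for the example, and the lists of suspicious patterns (new privilege-15 accounts, read-write SNMP communities, HTTP or Telnet management, Smart Install re-enabled, new tunnels or static routes, removed VTY access-class or logging) are the editor's own starting list, not findings from the alert.

```python
import re

# Constructed baseline ("golden") and current configs (editor's sample data,
# not from any real device). The current copy carries additions of the kind a
# persistence backdoor would need.
BASELINE = """\
hostname core-rtr01
username netops privilege 15 secret 9 $9$baselinehash
snmp-server community ops-ro RO 10
line vty 0 4
 transport input ssh
 access-class 20 in
end
"""

CURRENT = """\
hostname core-rtr01
username netops privilege 15 secret 9 $9$baselinehash
username svc_backup privilege 15 secret 9 $9$otherhash
snmp-server community ops-ro RO 10
snmp-server community m0n1tor RW
ip http server
line vty 0 4
 transport input ssh telnet
end
"""

# Lines that deserve an analyst's attention when they appear only in the
# current config (added) or only in the baseline (removed). Editor's list.
SUSPICIOUS_ADDED = [
    (r"^username \S+ privilege 15", "new privilege-15 local account"),
    (r"^snmp-server community \S+.*\bRW\b", "new read-write SNMP community"),
    (r"^ip http server$", "unencrypted HTTP management enabled"),
    (r"^\s*transport input .*telnet", "Telnet enabled on VTY lines"),
    (r"^vstack", "Smart Install (re)enabled"),
    (r"^interface Tunnel", "new tunnel interface"),
    (r"^ip route ", "new static route"),
]
SUSPICIOUS_REMOVED = [
    (r"^\s*access-class \S+ in", "VTY access-class removed"),
    (r"^no vstack$", "'no vstack' removed (Smart Install back on)"),
    (r"^logging host", "remote logging destination removed"),
    (r"^aaa ", "AAA configuration removed"),
]


def _config_lines(cfg):
    """Set of meaningful config lines; leading indentation is kept because it
    marks sub-mode lines (e.g. under 'line vty 0 4')."""
    return {
        ln.rstrip()
        for ln in cfg.splitlines()
        if ln.strip() and ln.strip() not in ("!", "end")
    }


def diff_configs(baseline, current):
    """Return (added, removed, alerts) where alerts are
    (direction, reason, line) tuples for lines matching the watch lists."""
    base, cur = _config_lines(baseline), _config_lines(current)
    added, removed = sorted(cur - base), sorted(base - cur)
    alerts = []
    for ln in added:
        for pattern, reason in SUSPICIOUS_ADDED:
            if re.search(pattern, ln):
                alerts.append(("added", reason, ln.strip()))
    for ln in removed:
        for pattern, reason in SUSPICIOUS_REMOVED:
            if re.search(pattern, ln):
                alerts.append(("removed", reason, ln.strip()))
    return added, removed, alerts


if __name__ == "__main__":
    _, _, alerts = diff_configs(BASELINE, CURRENT)
    for direction, reason, line in alerts:
        print(f"{direction:7} {reason}: {line}")
```

On the sample pair the diff shows four added and two removed lines and raises five alerts: the new privilege-15 account, the read-write community, the HTTP server, Telnet on the VTY lines, and the dropped access-class. The baseline should come from an out-of-band archive (a configuration management store or backups taken before the suspected compromise), not from the device itself, since an attacker with configuration access can edit both the running and startup copies.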


The post FBI Warns of Russian Government Hackers Attacking Networking Devices of Critical Infrastructure appeared first on Cyber Security News.
