Silent Breach: Russian Hackers Exploit US Critical Infrastructure To Infiltrate Global Networks

The FBI and Cisco revealed that Russian hackers tied to the FSB have targeted thousands of unpatched Cisco devices worldwide, stealing configurations and establishing persistent network access to spy on critical infrastructure.

Russian Cyber Unit Attacks Obsolete Systems

Russian hackers associated with the Federal Security Service (FSB) have been exploiting a seven-year-old vulnerability in Cisco's IOS firmware to break into thousands of networking devices associated with critical infrastructure, the FBI and Cisco Talos say.

Researchers explain that the group, affiliated with the FSB's Center 16, has been exfiltrating device configuration files in bulk. Those stolen files might then be used by Moscow to further its strategic goals, based on international political requirements.

The FBI confirmed that over the last year it has tracked the hackers harvesting configuration information from devices associated with US organizations in critical sectors. In some instances, the attackers went so far as to change configurations to create long-term backdoors for further reconnaissance of targeted networks. Industrial control systems appear to be a main target.

Decade-Long Espionage Campaign

Cisco Talos researchers revealed that the hacking unit has been active for at least a decade. The same group was previously tied to cyberattacks on the global energy sector between 2012 and 2018, leading to US charges against four Russian nationals in 2022.

The ongoing campaign is broader than the energy industry, hitting sectors including telecommunications, higher education, and manufacturing in North America, Europe, Asia, and Africa. Victims are thought to be targeted for their strategic value to Russian interests.

The continued use of unpatched and old devices has made it easier for intruders to get in undetected. Cisco stressed that the vulnerability being exploited is in old software, especially on legacy systems that are no longer maintained.

Global Security Risks

The FBI and Cisco caution that Russian state-sponsored hackers are not the only ones taking advantage of the bug. Others are also likely to do so, which raises alarm about the international cyber threat environment.

In spite of overwhelming evidence, Moscow still refuses to admit its role in espionage activities. The Russian embassy in Washington did not respond to a request for comment.

Cybersecurity professionals emphasize the urgent need for organizations to decommission out-of-date systems and close security holes. As state-sponsored hacking campaigns mount, the danger reaches far beyond national borders, targeting industry and infrastructure globally.

Published by Shairin Panwar