
"CISA, the NSA and Five Eyes partners - which include cyber agencies in the UK, New Zealand, Canada and Australia - issued the alert Wednesday and said two cyber vulnerabilities - denoted CVE-2026-20127 and CVE-2022-20775 - were discovered on exposed devices. A concurrent report produced by Cisco's cyber threat intelligence unit dubbed the hacking group as UAT-8616, assessing it as a "highly sophisticated cyber threat actor.""
"After confirming that hackers were actively exploiting the previously unknown vulnerability, Cisco researchers said they reviewed historical data and found evidence the malicious activity dated back to at least 2023. In written remarks, CISA said the conditions pose "an unacceptable risk to federal agencies and necessitate emergency action.""
"A critical advisory issued by Cisco said one of the vulnerabilities can let hackers "gain root privileges on the underlying operating system," giving them access to the affected device. A technical hunt guide was also released with the involved governments."
CISA, NSA, and Five Eyes intelligence partners identified a significant cyber threat exploiting two vulnerabilities in Cisco wide-area networking equipment. The vulnerabilities, CVE-2026-20127 and CVE-2022-20775, were discovered on exposed devices. Cisco's threat intelligence unit attributed the attacks to UAT-8616, a highly sophisticated cyber threat actor. Evidence shows malicious activity dating back to at least 2023. One vulnerability allows attackers to gain root privileges on the underlying operating system, providing complete device access. CISA declared the conditions pose an unacceptable risk to federal agencies, necessitating emergency action. The UK National Cyber Security Centre confirmed that malicious actors are targeting Cisco Catalyst SD-WAN systems used globally.
Read at Nextgov.com