
"The US State Department has put a $10 million bounty on the heads of three Russians accused of being intelligence agents hacking America's critical infrastructure - primarily via old Cisco kit, it seems. The alert directly connects them to reports of the Russian Federal Security Service's (FSB) Center 16 - aka Berserk Bear - accused of using a flaw (CVE-2018-0171) Cisco patched in 2018, but attackers recently exploited it in the Salt Typhoon hacking campaign,"
"Prosecutors accuse Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulov of targeting over 500 energy companies in 135 countries, using the ancient Cisco flaw to hijack thousands of networking devices to harvest information and install malware. "The FSB Center 16 unit conducting this activity is known to cybersecurity professionals by several names, including 'Berserk Bear' and 'Dragonfly,' which refer to separate but related cyber activity clusters," Las Vegas police warned last month."
Three Russian operatives linked to the FSB Center 16 face a $10 million U.S. bounty for exploiting an unpatched Cisco Smart Install flaw (CVE-2018-0171) to infiltrate critical infrastructure. Prosecutors allege the trio targeted over 500 energy companies across 135 countries since 2012, hijacking thousands of networking devices to harvest data and deploy malware. The unit reportedly abused legacy unencrypted protocols such as SMI and SNMP v1/v2 and deployed custom tools including the SYNful Knock malware. The vulnerability carries a CVSS 9.8 score and affects end-of-life Cisco IOS and IOS XE devices that many operators cannot patch. Targeted sectors include oil, gas, nuclear, and power utilities.
Read at Theregister