Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov’t Agencies

As recently as 2021, the notorious Russian APT28 was exploiting network routers running outdated versions of Cisco’s IOS and IOS XE operating system software, using them to deploy backdoors in networks across European and American government institutions.

APT28 — aka Fancy Bear, Strontium, Tsar Team, and Sofacy Group — is best known for its campaigns against Ukraine and the 2016 US elections. The UK National Cyber Security Centre (NCSC) has attributed this group to the 85th Special Service Centre, Military Intelligence Unit 26165, part of Russia’s General Staff Main Intelligence Directorate (GRU).

The NCSC, the National Security Agency, the Cybersecurity and Infrastructure Security Agency (CISA), and the FBI this week published a joint advisory outlining one of APT28’s less technically impressive but more economical maneuvers. According to their findings, the group used unpatched Cisco routers to access “a small number” of EU and US government institutions, in addition to “approximately 250 Ukrainian victims.”

Though the campaign took place two years ago, Cisco Talos in a blog post expressed how “deeply concerned” it is “by an increase in the rate of high-sophistication attacks on network infrastructure” by nation-state actors.

“We certainly have seen an increase over the last several years — even over the last six to 12 months — in targeting this type of infrastructure,” says JJ Cummings, national security principal at Cisco Talos. “I think this is probably only the tip of the iceberg.”

Taking Advantage of Vulnerable Routers

On June 29, 2017, Cisco revealed a series of vulnerabilities in
