Cisco has warned enterprise users of its routing and switching hardware to be alert to exploitation of a six-year-old vulnerability by threat actors linked to nation states such as Russia and China, after UK and US cyber agencies made a similar appeal.
Earlier this week, the UK’s National Cyber Security Centre (NCSC) and its American counterpart highlighted a campaign of malicious activity exploiting CVE-2017-6742, a Simple Network Management Protocol (SNMP) remote code execution (RCE) vulnerability in Cisco IOS and IOS XE software, affecting multiple devices.
This activity, attributed to APT28, a Russian intelligence-backed advanced persistent threat (APT) actor, has seen organisations in Europe and the US, and over 250 Ukrainian victims, attacked with Jaguar Tooth, non-persistent malware that targets Cisco routers, collects and steals device information, and enables unauthenticated backdoor access.
“This malicious activity by APT28 presents a serious threat to organisations, and the UK and our US partners are committed to raising awareness of the tactics and techniques being deployed,” said NCSC operations director Paul Chichester.
“We…