The FBI and Cisco Talos have issued fresh warnings about a Russian cyber espionage campaign that has quietly compromised network devices around the world. The threat actor, tracked as Static Tundra, is linked to the Federal Security Service’s (FSB) Center 16 unit and has been active for more than a decade.
At the heart of its operations is an old weakness. Static Tundra continues to exploit CVE-2018-0171, a seven-year-old vulnerability in Cisco’s Smart Install feature. Cisco patched the flaw in 2018. Yet unpatched and end-of-life devices remain exposed. They are still being targeted.
Cisco Talos describes Static Tundra as “a Russian state-sponsored cyber espionage group specializing in network device exploitation to support long-term intrusion campaigns.”
