The FBI issued a warning Aug. 20 that the Russian Federal Security Service’s (FSB) Center 16 has exploited a vulnerability in Cisco Smart Install and for the past year has been targeting critical infrastructure sectors in the U.S. and worldwide.
According to the FBI’s public service announcement, the bureau detected Russian FSB cyber actors, which Cisco Talos calls Static Tundra, exploiting Simple Network Management Protocol (SNMP) and end-of-life Cisco networking devices that remain vulnerable to CVE-2018-0171, a seven-year-old remote code execution (RCE) flaw rated CVSS 9.8.
Cisco Smart Install is a plug-and-play feature for “zero-touch” deployment of new switches. The FBI said the Russian cyber actors – also known to cyber pros as “Berserk Bear” and “Dragonfly” – collected modified configuration files to enable unauthorized access to those devices.
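For defenders, an added example (not from the FBI announcement or from Cisco) of auditing a saved running-config for the two exposures named above: Smart Install not explicitly disabled, and weak SNMP community settings. It assumes IOS-style syntax and that a switch with the feature turned off shows a `no vstack` line; the sample config is constructed and `audit_config` is a hypothetical name.

```python
# Constructed sample running-config, not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-sw-01
!
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-RW RW
snmp-server group ADMINS v3 priv
!
line vty 0 4
"""


def audit_config(text):
    """Return (check, detail) findings for one IOS-style running-config."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]

    # Assumption: Smart Install that has been disabled appears as "no vstack".
    # Absence is only a prompt to verify on the device, since not every
    # platform supports the feature.
    if "no vstack" not in lines:
        findings.append(("smart-install",
                         "no 'no vstack' line; confirm with 'show vstack config'"))

    for n, ln in enumerate(lines, start=1):
        tok = ln.split()
        if len(tok) < 3 or [t.lower() for t in tok[:2]] != ["snmp-server", "community"]:
            continue
        # tok[2] is the community string: treat it as a secret, never echo it.
        rest = [t.lower() for t in tok[3:]]
        if "view" in rest:                      # drop "view <name>" pair
            i = rest.index("view")
            del rest[i:i + 2]
        mode = "rw" if "rw" in rest else "ro"   # IOS defaults to read-only
        has_acl = any(t not in ("ro", "rw") for t in rest)
        if mode == "rw":
            findings.append(("snmp-rw", f"line {n}: read-write community"))
        if not has_acl:
            findings.append(("snmp-no-acl", f"line {n}: community not restricted by an ACL"))
    return findings


if __name__ == "__main__":
    for check, detail in audit_config(SAMPLE_CONFIG):
        print(f"[{check}] {detail}")
```

A clean result here does not show a device is patched against CVE-2018-0171; it only reports what the saved configuration exposes.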