# FBI Warns of Russian Hacks Targeting US Critical Infrastructure
A recent threat advisory issued by Cisco, in partnership with the FBI, has revealed a sophisticated cyber espionage operation targeting critical infrastructure IT systems in the United States. Hackers associated with some of Russia's most prolific cyber espionage units have been leveraging a vulnerability in older Cisco software to compromise thousands of networking devices.
The hackers, who work within the Russian Federal Security Service (FSB) Center 16, are extracting "device configuration information en masse," which can later be used based on current strategic goals and interests. This information includes details such as IP addresses, passwords, and other sensitive data that can provide a significant advantage to the hackers.
The FBI has detected the hackers collecting configuration files for thousands of networking devices associated with US entities across critical infrastructure sectors over the past year. In some cases, the configuration files are modified to enable long-term access for the hackers, who use this access to conduct reconnaissance in targeted networks. The hackers have a particular interest in industrial control systems.
The Russian embassy in Washington has not responded to a request for comment on this matter. Moscow denies conducting cyber espionage operations.
The hackers are exploiting a seven-year-old vulnerability in Cisco IOS software, targeting unpatched and end-of-life network devices. Other state-backed hackers are likely conducting similar hacking operations targeting these devices, according to a separate threat advisory published by Cisco Talos.
Organizations within the telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe have been most targeted, with victims selected based on their strategic interest to the Russian government. The hacking unit linked to this activity has been operating for at least a decade and is likely a subgroup within the FSB's Center 16.
In March 2022, the US Department of Justice charged four Russian nationals within the group with illegally targeting the global energy sector between 2012 and 2018. This is not the first time Russia has been linked to cyber espionage operations against the United States.
The recent threat advisory issued by Cisco and the FBI highlights the importance of maintaining cybersecurity protocols and staying up-to-date with software patches. Organizations must take proactive measures to protect themselves against these types of attacks, including regularly updating their software and implementing robust security measures.
# What You Need To Know
* Hackers are exploiting a seven-year-old vulnerability in Cisco IOS software to target unpatched and end-of-life network devices.
* Thousands of networking devices associated with critical infrastructure IT systems have been compromised.
* The hackers are extracting device configuration information en masse, which can be used later based on current strategic goals and interests.
* Organizations within the telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe have been most targeted.
# Stay Safe Online
To protect yourself against these types of attacks, make sure to:
* Regularly update your software and operating system.
* Implement robust security measures, such as firewalls and antivirus software.
* Use strong passwords and keep them confidential.
* Be cautious when clicking on links or opening attachments from unknown sources.
By taking these steps, you can significantly reduce the risk of falling victim to a cyber attack.