Cisco Talos, the cyber-security division of US IT conglomerate Cisco, said today that hackers are abusing misconfigured Cisco switches to gain a point of entry into organizations across the world.
The Cisco Talos team says that some of these intrusion attempts are related to a Department of Homeland Security (DHS) alert sent out in mid-March.
In the US-CERT advisory, DHS warned that "Russian government cyber actors" have targeted and infiltrated organizations active in the US energy grid and other critical infrastructure networks.
Cisco Talos believes that some of the attacks against Cisco switches have been carried out by the same group described in the US-CERT advisory, tracked by various cyber-security firms under codenames such as Dragonfly, Crouching Yeti, and Energetic Bear.
Attacks linked to Cisco SMI protocol
These attacks, carried out by Dragonfly but also by other groups, have targeted the Cisco Smart Install (SMI) Client, a legacy utility designed to allow no-touch installation of Cisco switches, now superseded by the Cisco Network Plug and Play solution.