Cyber-Attacks on US Critical Infrastructure Linked to Cisco Switch Flaw

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
Cisco Talos, the cyber-security division of US IT conglomerate Cisco, said today that hackers are abusing misconfigured Cisco switches to gain a point of entry into organizations across the world.
The Cisco Talos team says that some of these intrusion attempts are related to a Department of Homeland Security (DHS) alert sent out in mid-March.
In the US-CERT advisory, DHS warned that "Russian government cyber actors" have targeted and infiltrated organizations active in the US energy grid and other critical infrastructure networks.
Cisco Talos believes that some of the attacks against Cisco switches have been carried out by the same group described in the US-CERT advisory, tracked by various cyber-security firms under codenames such as Dragonfly, Crouching Yeti, and Energetic Bear.
Attacks linked to Cisco SMI protocol
These attacks, carried by Dragonfly but also other groups, have targeted the Cisco Smart Install (SMI) Client, a legacy utility designed to allow no-touch installation of Cisco switches, now
superseded by the Cisco Network Plug and Play solution.
.........
.........
.........
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top