Adams explained that the Russian threat actors employ a multi-faceted approach: First, they exploit the unpatched CVE-2018-0171 vulnerability. Following a successful breach, they conduct network reconnaissance, focusing on industrial control system protocols. They also utilize sophisticated post-exploitation tools, such as custom SNMP tooling for persistence and the SYNful Knock firmware implant, to maintain covert access and evade detection for extended periods. https://lnkd.in/dRePswfM
Russian hackers exploit CVE-2018-0171, use custom tools for persistence
-
The Federal Bureau of Investigation (FBI) and Cisco Talos warn that a Russian state-backed espionage group, Static Tundra (linked to FSB’s Center 16), is exploiting a seven-year-old Cisco Smart Install flaw (CVE-2018-0171) to target critical infrastructure worldwide. Thanks to Ernest Lefner (Gluware, Inc.), ☁️ Trey Ford (Bugcrowd), and Mayuresh Dani (Qualys) for their expert insights. 🔗 Read more: https://lnkd.in/gZxGbBtX ✍ Kirsten Doyle #ThreatIntel #CriticalInfrastructure #ISBNews
-
What makes Win-DDoS significant is that it has high bandwidth and does not require an attacker to purchase dedicated infrastructure. Nor does it require them to breach any devices, thereby allowing them to fly under the radar.
-
A zero-day vulnerability with a CVSS score of 10, affecting FreePBX systems, is currently under exploitation. Immediate update is critical to prevent compromise. https://lnkd.in/d-DEfaRZ
-
From SD-WAN to Zero Trust, today’s IT environments demand proof, not assumptions. Spirent Communications CyberFlood lets you test with real traffic at scale — validating performance, scalability, and security against real-world conditions. ✅ Stress-test up to 400G ✅ Validate VPN & ZTNA policies ✅ Simulate real apps, attacks & GenAI traffic Turn uncertainty into confidence with results you can trust. 🔗 Learn more: https://zurl.co/gPCy1 #Spirent #CyberFlood #NetworkTesting #SecurityValidation #AlJammazTechnologies
-
FBI and Cisco warn: Russia-linked Static Tundra is exploiting a seven-year-old Cisco Smart Install vulnerability to pillage thousands of unpatched network devices tied to power, water, #telecom, and other sectors https://lnkd.in/e7wTNQTR #IT #OT #CriticalInfrastructure
-
Nation-state actors are targeting core infrastructure like telecom networks, ISPs, and internet routing systems by leveraging lawful intercept tools and AI-powered social engineering to carry out long-term, strategic espionage — often undetected for years. Gregory Richardson, Vice President, Advisory CISO at BlackBerry, explains how campaigns like Salt Typhoon are forcing CISOs and telecom leaders to rethink their security priorities. Read the full Help Net Security interview: https://lnkd.in/dwJCd6KQ #BlackBerry #SecureCommunications #ZeroTrust #SaltTyphoon
-
ZTNA vs VPN: What’s the Difference? VPNs remain a trusted foundation for secure remote access, while Zero Trust Network Access (ZTNA) takes a more granular, identity-based approach. Both models have distinct strengths — and together they can provide comprehensive protection for modern businesses. 👉 Read the full comparison → https://openv.pn/4fTA3xN
-
PCAPs are a hassle, until they're not. At Black Hat USA NOC, Cisco integrated FMC with Endace Vision to pivot from alerts into Wireshark in one click, boosting PCAP use by 99% and giving full packet context for faster investigations. Learn more: http://oal.lu/hmKnq #ThreatDetection