"NCSC-UK, NSA, and Partners Advise about APT28 Exploitation of Cisco Routers"

The National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) have collaborated to publish a joint Cybersecurity Advisory (CSA) report on the tactics, techniques, and procedures (TTPs) related to APT28's exploitation of Cisco routers. APT28 is also known as the Russian General Staff Main Intelligence Directorate (GRU) 85th Special Service Center (GTsSS) military intelligence unit 26165, Fancy Bear, STRONTIUM, Pawn Storm, the Sednit Gang, and Sofacy. The coalition disclosed the vulnerability that APT28 exploits to conduct reconnaissance and distribute malware on Cisco routers. APT28 cyber actors masqueraded Simple Network Management Protocol (SNMP) access to exploit the vulnerability, tracked as CVE-2017-6742, and gain access to vulnerable Cisco routers worldwide. Those affected included government institutions in the US, about 250 Ukrainian victims, and a small number of European victims. This article continues to discuss the joint CSA on APT28 exploiting a known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.

NSA reports "NCSC-UK, NSA, and Partners Advise about APT28 Exploitation of Cisco Routers"

