Summary: The threat actor #APT28, also known as #FancyBear, Forest Blizzard (formerly Strontium), FROZENLAKE, and Sofacy, and affiliated with the Russian General Staff Main Intelligence Directorate (#GRU), penetrated a small number of entities in Europe, U.S. government institutions, and about 250 #Ukrainian victims in 2021.
It has been claimed that the threat actor #weaponized CVE-2017-6742 (CVSS score: 8.8), which is part of a set of remote code execution flaws that stem from a #BufferOverflow condition in the Simple Network Management Protocol (#SNMP) subsystem in Cisco IOS and IOS XE Software, to deploy non-persistent malware dubbed #JaguarTooth on #Cisco routers. The malware is capable of gathering device information and enabling unauthenticated backdoor access.
Other related vulnerabilities not mentioned in the article, CVE-2023-29199 and CVE-2023-30547 (both rated 9.8 out of 10 on the CVSS), are being exploited. Updates and patches have been issued.
Source: U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage (thehackernews.com)