Russian state-sponsored hackers have targeted thousands of networking devices associated with U.S. critical infrastructure sectors over the past year, the FBI warned Wednesday.
The cyber actors are associated with the Russian Federal Security Service’s (FSB) Center 16 and have taken aim at a vulnerability in certain Cisco devices, according to an agency public service announcement.
In some cases, hackers have been able to modify configuration files to enable unauthorized access, which they have used to conduct reconnaissance on networks. This has “revealed their interest in protocols and applications commonly associated with industrial control systems,” the FBI said.
Cisco’s threat intelligence research arm, Talos, explained in a separate advisory that a subcluster of this group, which it has named “Static Tundra,” is targeting a seven-year-old vulnerability in the company’s Smart Install feature.
The firm has offered a patch for the vulnerability but warned that it remains a problem in unpatched and end-of-life network devices.
“Once they establish initial access to a network device, Static Tundra will pivot further into the target environment, compromising additional network devices and establishing channels for long-term persistence and information gathering,” Talos noted.
The telecommunications, higher education and manufacturing sectors are primary targets for the Russian hacking group. Talos urged Cisco customers Wednesday to apply the patch or disable the Smart Install feature.