
Nation-state hackers hit Cisco switches


Hackers, some of them backed by a nation-state, have attacked Cisco switches in multiple countries, the tech giant’s cyberthreat intelligence division has revealed.

Some of the attacks “are believed to be associated with nation-state actors, such as those described” in a recent Department of Homeland Security report that said Russian government hackers were targeting multiple U.S. industries, Cisco said.

The campaign disclosed by Cisco abuses the protocol behind Cisco Smart Install Client, a feature used to deploy and configure new switches. The protocol can be misused to carry out a series of actions, including changing a server setting on the device, that let an attacker run commands in Cisco's networking software. Using the internet-device search engine Shodan, Cisco identified more than 168,000 systems that could be vulnerable to this attack.

A March 15 DHS report blamed Russian government hackers for a multi-stage hacking campaign against the nuclear, critical manufacturing, and other U.S. sectors. The U.S. effort to call out alleged Russian malicious activity in cyberspace continued Friday with a fresh round of sanctions against Russian oligarchs and companies.


Nick Biasini, a threat researcher at Cisco’s Talos Security Intelligence and Research Group, said that while the weakness in Cisco switch protocols was “not a vulnerability in the classic sense, the misuse of this protocol is an attack vector that should be mitigated immediately.” In a blog post, he described switch commands that customers can run to detect and mitigate the vulnerability.
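The article says Talos published switch commands for detecting and mitigating the issue but does not reproduce them. The following is an added example, not code from the article, Cisco or Talos: a small defender-side audit that takes the output of the IOS command `show vstack config` from each switch in an inventory and flags the ones still running Smart Install, pairing each with the mitigation (`no vstack`). The switch outputs embedded below are constructed for illustration, and the exact "Role: Client (SmartInstall enabled)" line format, and the "Role: Director" line for a director, are assumptions about how the command reports status that should be checked against real output from your platform.

```python
"""Audit 'show vstack config' output for Smart Install exposure.

Added example (not from the article or from Cisco/Talos). Assumes the
operator has already collected `show vstack config` output from each
switch (e.g. via an SSH automation tool) and stored it keyed by hostname.
"""
import re

# Constructed sample output, keyed by hostname. Line formats are assumed.
SAMPLE_OUTPUT = {
    "access-sw-01": (
        "Role: Client (SmartInstall enabled)\n"
        "Vstack Director IP address: 0.0.0.0\n"
    ),
    "access-sw-02": "Role: Client (SmartInstall disabled)\n",
    "core-sw-01": (
        "Role: Director\n"  # assumed director-side wording
        "Vstack Director IP address: 10.0.0.1\n"
    ),
    # Platform that does not recognise the command at all.
    "legacy-sw-09": "% Invalid input detected at '^' marker.\n",
}

# Matches "Role: Client (SmartInstall enabled|disabled)" and "Role: Director".
STATUS_RE = re.compile(
    r"Role:\s*(?P<role>\w+)"
    r"(?:\s*\(SmartInstall\s+(?P<state>enabled|disabled)\))?",
    re.IGNORECASE,
)


def parse_vstack(output: str) -> dict:
    """Return the Smart Install role and state parsed from one switch's output."""
    m = STATUS_RE.search(output)
    if not m:
        # Unparsed output is reported as unknown rather than silently as safe.
        return {"role": "unknown", "smart_install": "unknown"}
    role = m.group("role").lower()
    state = m.group("state")
    if state:
        smart_install = state.lower()
    elif role == "director":
        # A director is running Smart Install by definition.
        smart_install = "enabled"
    else:
        smart_install = "unknown"
    return {"role": role, "smart_install": smart_install}


def audit(outputs: dict) -> list:
    """Build a finding per host with the recommended follow-up action."""
    findings = []
    for host, out in sorted(outputs.items()):
        info = parse_vstack(out)
        if info["smart_install"] == "enabled":
            # Global-config mitigation from Cisco IOS: disable the feature.
            info["action"] = "configure terminal / no vstack / end"
        elif info["smart_install"] == "unknown":
            info["action"] = "verify manually (command unrecognised or output unparsed)"
        else:
            info["action"] = "none"
        findings.append({"host": host, **info})
    return findings


def exposed_hosts(findings: list) -> list:
    """Hostnames that still have Smart Install enabled."""
    return [f["host"] for f in findings if f["smart_install"] == "enabled"]


if __name__ == "__main__":
    for f in audit(SAMPLE_OUTPUT):
        print(f"{f['host']:14} role={f['role']:9} smart_install={f['smart_install']:9} action: {f['action']}")
```

Treating unparsed output as "unknown" rather than "disabled" is deliberate: an inventory script that cannot read a device should make the operator look, not quietly mark the device safe.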

“It can be easy to ‘set and forget’ [perimeter] devices, as they are typically highly stable and rarely changed,” Biasini continued. “Combine this with the advantages that an attacker has when controlling a network device, and routers and switches become very tempting targets.”

Tony Cole, CTO of cybersecurity firm Attivo Networks, told CyberScoop that the attacks on Cisco switches showed that organizations are still slow to detect advanced hackers that have breached their networks. “Today’s preventative-focused security infrastructure is and will continue to be somewhat inept at stopping attacks,” Cole said.

Top White House cybersecurity adviser Rob Joyce urged Cisco customers to fix the vulnerability, tweeting, “Beware! There is growing malicious activity targeting the Cisco Smart Install Clients tool.”


Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
