APT28 Hackers Target Cisco Routers with Custom Malware
Cisco routers targeted with ‘Jaguar Tooth’ malware by Russian hacking group APT28
US and UK cyber security agencies (the UK NCSC together with the US NSA, CISA and FBI), along with Cisco, have issued a joint report warning that the state-sponsored APT28 group is exploiting an old SNMP flaw in Cisco IOS routers.
APT28 is a Russian hacking group that has been linked to Russia’s General Staff Main Intelligence Directorate (GRU), and is known for conducting cyber espionage against European and US interests. The group has been using a custom malware named ‘Jaguar Tooth’ to gain unauthenticated access to the targeted devices.
APT28's Jaguar Tooth malware delivered through an SNMP exploit
Jaguar Tooth is malware that targets Cisco IOS routers running firmware C5350-ISM, Version 12.3(6). Once installed, it collects information from the router, exfiltrates it over TFTP, and provides unauthenticated backdoor access to the device. The malware is non-persistent: it is injected directly into the memory of routers running older firmware by exploiting the SNMP vulnerability CVE-2017-6742, which Cisco patched in June 2017.
The threat actors scan for internet-exposed Cisco routers that accept weak SNMP community strings (such as the default "public"). If they find a valid community string, they use it to exploit the vulnerability, gain access to the router's memory, and install Jaguar Tooth.
The report highlights a growing trend of state-sponsored threat actors creating custom malware for networking devices to conduct cyber espionage and surveillance.
Best practices to mitigate the APT28 threat on Cisco routers
The agencies recommend upgrading routers to the latest firmware, moving from SNMP to NETCONF/RESTCONF for management where possible, and, where SNMP is still needed, disabling SNMPv1/v2c in favour of SNMPv3 with authentication and encryption, restricting SNMP access with access lists, and disabling Telnet in favour of SSH. If a device is suspected of being compromised, CISA recommends following Cisco's advice for verifying the integrity of the IOS image, revoking all keys associated with the device, and replacing images with those obtained directly from Cisco.
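The following audit script is an added example, not code from the advisory, from Cisco or from the original article. It parses a Cisco IOS running-config for exactly the weaknesses described above: SNMPv1/v2c community strings (flagging default names, read-write communities and communities without an access list), the absence of an SNMPv3 authPriv user or group, and vty lines that still accept Telnet. The sample configuration, the hostname, community names and passwords in it are all constructed for illustration; the view keyword and other less common `snmp-server community` forms are deliberately not handled.

```python
"""Audit a Cisco IOS running-config for the SNMP and Telnet weaknesses that
the APT28/Jaguar Tooth advisory tells administrators to remove.

Added example: parses a constructed sample config, not a real device's."""
import re

# Community strings that ship as defaults or are commonly guessed.
DEFAULT_COMMUNITIES = {"public", "private", "cisco"}

# Constructed sample running-config (hypothetical; not from a real router).
# It mixes the weak settings the attackers look for with hardened ones.
SAMPLE_CONFIG = """\
hostname edge-rtr-1
!
snmp-server community public RO
snmp-server community private RW
snmp-server community n3tm0n RO 10
snmp-server group NMSv3 v3 priv read NMSVIEW access 10
snmp-server user nmsuser NMSv3 v3 auth sha Str0ngAuthPass priv aes 128 Str0ngPrivPass
!
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# snmp-server community <string> RO|RW [access-list]   (view keyword not handled)
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)\s+(RO|RW)(?:\s+(\S+))?", re.I)

# Any SNMPv3 group or user configured with the priv (authPriv) security level.
V3_PRIV_RE = re.compile(r"^snmp-server (?:group \S+|user \S+ \S+) v3 .*\bpriv\b", re.M)


def audit_snmp_communities(config):
    """Return one finding per SNMPv1/v2c community string in the config."""
    findings = []
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        name, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
        # A community string at all means SNMPv1/v2c is on: cleartext and unauthenticated.
        issues = ["snmp-v1/v2c-community"]
        if name.lower() in DEFAULT_COMMUNITIES:
            issues.append("default-community-string")
        if mode == "RW":
            issues.append("read-write-access")
        if acl is None:
            issues.append("no-access-list")
        findings.append({"community": name, "mode": mode, "acl": acl, "issues": issues})
    return findings


def has_snmpv3_priv(config):
    """True if at least one SNMPv3 group or user uses the authPriv level."""
    return V3_PRIV_RE.search(config) is not None


def audit_vty_transport(config):
    """Return the 'line vty' blocks that still accept Telnet.

    A vty block with no 'transport input' line is reported too, because the
    IOS default on older releases allows every transport, Telnet included."""
    transports = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("line vty"):
            current = line
            transports[current] = None  # no transport input seen yet
        elif not line.startswith(" "):
            current = None  # sub-commands are indented; anything else ends the block
        elif current and line.strip().startswith("transport input"):
            transports[current] = line.split()[2:]
    return [vty for vty, allowed in transports.items()
            if allowed is None or "telnet" in allowed or "all" in allowed]


def audit(config):
    """Run all three checks and return a report dict."""
    return {
        "communities": audit_snmp_communities(config),
        "snmpv3_authpriv": has_snmpv3_priv(config),
        "telnet_vty": audit_vty_transport(config),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for f in report["communities"]:
        print(f"community {f['community']!r} ({f['mode']}): {', '.join(f['issues'])}")
    print("SNMPv3 authPriv configured:", report["snmpv3_authpriv"])
    print("vty lines accepting Telnet:", report["telnet_vty"])
```

On the sample config the script flags `public` and `private` as default SNMPv1/v2c strings with no access list (with `private` additionally read-write), notes that `n3tm0n` is still a v1/v2c community even though it is restricted by ACL 10, confirms an SNMPv3 authPriv user exists, and reports `line vty 0 4` as still accepting Telnet. Running it against `show running-config` output from a real device gives the same three-part answer; the fix for each finding is the corresponding `no snmp-server community ...` and `transport input ssh` line.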
Source: bleepingcomputer.com