FBI warns of Russian cyberattacks on US critical infrastructure
Hackers linked to some of Russia’s most active cyber espionage units have spent the past year exploiting a vulnerability in older Cisco software to target thousands of networking devices connected to critical infrastructure IT systems, the FBI and Cisco said on August 20.
Researchers from Cisco Talos, Sara McBroom and Brandon White, noted in a threat advisory, cited by Reuters, that hackers operating under the Russian Federal Security Service (FSB) Centre 16 are gathering “device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government.”
In a separate advisory, the FBI confirmed that over the past year it had observed these hackers collecting configuration files from “thousands of networking devices associated with U.S. entities across critical infrastructure sectors.” In some cases, the files are modified to allow long-term access, which the hackers use for network reconnaissance, particularly targeting industrial control systems.
The Russian embassy in Washington did not respond to requests for comment, while Moscow continues to deny engaging in cyber espionage operations.
The threat exploits a seven-year-old vulnerability in Cisco IOS software, primarily affecting unpatched and end-of-life network devices, according to Cisco Talos, the company’s threat intelligence unit. Researchers noted that other state-backed hackers may be conducting similar operations against these devices.
Organisations in the telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe have been the primary targets, with selections based on “their strategic interest to the Russian government,” the advisory said.
The hacking group behind these activities has been operating for at least a decade and is likely a subgroup within FSB Centre 16. In March 2022, the U.S. Department of Justice charged four Russian nationals from this group with illegally targeting the global energy sector between 2012 and 2018.
By Tamilla Hasanova