We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Russian Hackers Targeting Flaw In Cisco Routers

Russian Hackers Targeting Flaw In Cisco Routers
Author Image Zane Kennedy
Zane Kennedy Published on 25th April 2023 Cybersecurity Researcher

Russian hacking group APT28 has been exploiting a six-year-old vulnerability in Cisco routers to deploy malware and carry out surveillance on both individuals and organizations in the United States, Europe, and Ukraine.

The state-sponsored group has been using an old vulnerability, CVE-2017-6742, to execute code on routers and gain remote access. While Cisco had patched the vulnerabilities in 2017, many organizations failed to apply the fixes, leaving them open to attacks.

The US and UK cybersecurity agencies, including the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA) and the US Federal Bureau of Investigation (FBI), have issued a joint advisory, stating that “in 2021, APT28 used infrastructure to masquerade Simple Network Management Protocol (SNMP) access into Cisco routers worldwide. This included a small number based in Europe, US government institutions and approximately 250 Ukrainian victims.”

The joint advisory said that in their attacks, the hackers used SNMP exploits to deploy malware such as Jaguar Tooth, which allowed them to obtain additional device information and enable backdoor access to the system.

In a blog post, Cisco warned its customers that it “is deeply concerned by an increase in the rate of high-sophistication attacks on network infrastructure — that we have observed and have seen corroborated by numerous reports issued by various intelligence organizations — indicating state-sponsored actors are targeting routers and firewalls globally.”

The Cisco router flaw has previously allowed hackers to get a foothold in a preferred network, providing them with deep network visibility. The company advised its customers to use a well-selected SNMP community string and other best practices, which could prevent attacks even if a device remains unpatched.

Cisco also warned that the threat is not limited to its products — instead, it’s part of a broader campaign against aging networking appliances and software from various vendors. The company recommended that “if you are not using SNMP v3, even well-chosen credentials are transmitted in the clear and are subject to capture. NETCONF (Network Configuration Protocol) and RESTCONF are modern network management protocols designed to offer better security and functionality than their older counterpart, SNMP.”

Russia is not the only country taking such actions. CISA released a report indicating that Chinese adversaries are also targeting network equipment from a diverse range of manufacturers.

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.