The FBI and Cisco said that hackers from Center 16 of the Russian FSB have been actively exploiting a seven-year-old vulnerability in Cisco IOS over the past year to compromise thousands of critical infrastructure network devices in the United States and abroad.

According to Cisco Talos, the attackers collected configuration files from network equipment in the telecommunications, manufacturing and education sectors around the world. This data not only gave them a detailed map of the infrastructure, but also allowed them to modify settings for long-term access and covert espionage. The hackers paid particular attention to industrial control systems, which could jeopardize the operation of energy facilities and production processes.
The FBI confirmed that the attacks were aimed at thousands of devices related to critical sectors in the United States. The agency warns that other state groups can also exploit this vulnerability, since outdated and unpatched devices, including those that are no longer supported, become targets.
FSB Center 16, which is held responsible for the attacks, has been known in the cyber community for more than a decade. In 2022, the US Department of Justice indicted four of its members over a multi-year hack of the global energy sector. Moscow has traditionally denied involvement in cyber espionage operations, but Cisco and FBI data confirm the systematic nature of the attacks.
That intelligence agencies are still exploiting a seven-year-old vulnerability in Cisco IOS highlights a critical problem: the use of outdated equipment without updates. To prevent such attacks, organizations should retire legacy devices, install patches promptly, and apply additional layers of monitoring and network segmentation.