August 28, 2025
A Russian state-sponsored cyber espionage campaign, linked to the FSB's Center 16 unit, has been actively exploiting a seven-year-old vulnerability (CVE-2018-0171) in Cisco devices using the Smart Install feature. This flaw affects unpatched and end-of-life networking equipment, such as Catalyst and Nexus switches, enabling attackers to execute code or crash devices remotely. Over the past year, these operators collected configuration files from thousands of compromised devices—sometimes modifying them to enable unauthorized access—and conducted reconnaissance focused on industrial control systems.
The group, known by names including Static Tundra, Berserk Bear, Dragonfly, and Energetic Bear, has targeted organizations across sectors like telecommunications, higher education, and manufacturing in regions spanning North America, Europe, Asia, and Africa. Operating covertly for over a decade, they’ve leveraged legacy protocols like Smart Install (SMI) and SNMP and even deployed implants such as SYNful Knock. The campaign underscores how persistent exploitation of known vulnerabilities in legacy infrastructure remains a potent security risk.