Russian Hackers Exploit Old Cisco Vulnerabilities in Critical Infrastructure Attacks
The FBI has highlighted a concerning cyber threat involving Russian hackers who have infiltrated thousands of networking devices linked to critical infrastructure IT systems, utilizing a seven-year-old vulnerability in older Cisco software.
Cisco Talos, the company’s threat intelligence unit, reported that the group targeted organizations in sectors like telecommunications, higher education, and manufacturing across North America, Asia, Africa, and Europe. The hackers did not demand ransom but instead chose targets based on their “strategic interest” to Russia, as detailed in the Cisco Talos blog.
Static Tundra: Russian State-Sponsored Espionage Group
The hacking group is known as Static Tundra. According to the report, this Russian state-sponsored cyber espionage operation aims to extract device configuration information at scale, which can then be used as needed in line with the current strategic goals and interests of the Russian government.
“Attacks from Russia are not unusual, but critical infrastructure faces increased risk during times of geopolitical tension,” noted Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “Recent diplomatic efforts between Russia and the U.S., aimed at ending the conflict in Ukraine, could shift cybersecurity dynamics, making industries like finance and industry particularly vulnerable.”
Long-Term and Undetected Intrusions
The investigation revealed that Static Tundra has been active for over a decade, maintaining undetected access to targets. In recent attacks, hackers modified configuration files to enable unauthorized access to devices, then conducted reconnaissance within the victim networks, showing particular interest in industrial control system protocols and applications.
Exploiting Old Software Flaws
The group exploited a seven-year-old vulnerability in Cisco IOS software by targeting unpatched and end-of-life network devices. “Most cyber adversaries, including Russia, can be deterred with zero-trust policies and regular testing and patching,” Goldberg advised. Financial institutions should review their disaster recovery plans before the third and fourth quarters of 2025 to ensure robust cyberthreat response.