January 25, 2025

RESEARCH TRIANGLE PARK –  A group of Russian hackers known as APT28 also known as Fancy Bear is deploying malware in the West by exploiting what cybersecurity agencies in the U.S. and U.K.  call “poorly maintained Cisco routers.”

The group is described as a “highly skilled threat actor.”

Here is the joint warning announcement and explanation:

“The UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA)

Sponsored
and US Federal Bureau of Investigation (FBI) are releasing this joint advisory to provide details of tactics, techniques and procedures (TTPs) associated with APT28’s exploitation of Cisco routers in 2021.

“We assess that APT28 is almost certainly the Russian General Staff Main Intelligence Directorate (GRU) 85th special Service Centre (GTsSS) Military Intelligence Unit 26165. APT28 (also known as Fancy Bear, STRONTIUM, Pawn Storm, the Sednit Gang and Sofacy) is a highly skilled threat actor.”

To download the UK PDF version of this report:

Sponsored

To download the US PDF version of this report:

Earlier Activity

Previously attributed the following activity to APT28:

Related APT28 links

 

The post Russian hackers exploiting ‘poorly maintained’ Cisco routers for malware, security agencies warn first appeared on WRAL TechWire.

Russian hackers exploiting ‘poorly maintained’ Cisco routers for malware, security agencies warn first appeared on Web and IT News.

Leave a Reply

Your email address will not be published. Required fields are marked *