RUSSIAN state-sponsored APT actors are increasingly targeting networking devices, specifically routers, to compromise critical infrastructure globally, according to a joint advisory by the US and allied countries. These actors utilize poorly secured devices and exploit vulnerabilities in Cisco devices (notably CVE-2008-4128 and CVE-2018-0171) for unauthorized access. Target sectors include communications, energy, finance, and healthcare.
Methods observed include sending SNMP requests to extract device configurations. Security advisories recommend disabling vulnerable SNMP versions, utilizing strong passwords, restricting access, and keeping device firmware updated to mitigate risks.