(MENAFN- Kuwait News Agency (KUNA)) WASHINGTON, Aug 20 (KUNA) - The US Federal Bureau of Investigation (FBI) warned the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by government cyber actors attributed to the Russian Federal Security Service's (FSB) Center 16.
The FBI said in a statement on Wednesday that they detected FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to broadly target entities in the United States and globally.
In the past year, the FBI detected the actors collecting configuration files for thousands of networking devices associated with US entities across critical infrastructure sectors. On some vulnerable devices, the actors modified configuration files to enable unauthorized access to those devices.
The actors used the unauthorized access to conduct reconnaissance in the victim networks, which revealed their interest in protocols and applications commonly associated with industrial control systems, according to the statement.
The FSB Center 16 unit conducting this activity is known to cybersecurity professionals by several names, including "Berserk Bear" and "Dragonfly," which refer to separate but related cyber activity clusters.
For over a decade, this unit has compromised networking devices globally, particularly devices accepting legacy unencrypted protocols like SMI and SNMP versions 1 and 2.
This unit has also deployed custom tools to certain Cisco devices, such as the malware publicly identified as "SYNful Knock" in 2015, it added. (end)
asj

MENAFN20082025000071011013ID1109955662