All news with #cisco tag

Salt Typhoon Exploits Router Flaws to Breach 600 Orgs

🔒Salt Typhoon, a China-linked APT, exploited vulnerabilities in Cisco, Ivanti, and Palo Alto Networks edge devices to compromise and persistently control routers worldwide. The actors modified device configurations, created GRE tunnels, and used on-box Linux containers to stage tools and exfiltrate data. Agencies from 13 countries linked the campaign to three Chinese firms and warned of espionage impacting telecoms, government, transport, lodging, and military sectors.

Chinese Tech Firms Linked to Salt Typhoon Espionage

🔍 A joint advisory from the UK, US and allied partners attributes widespread cyber-espionage operations to the Chinese APT group Salt Typhoon and alleges assistance from commercial vendors that supplied "cyber-related products and services." The report names Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology. It warns attackers exploited known vulnerabilities in edge devices to access routers and trusted provider connections, and urges immediate patching, proactive hunting using supplied IoCs, and regular review of device logs.

Countering PRC State-Sponsored Network Compromise Worldwide

🛡️ U.S. and international agencies warn that People's Republic of China (PRC) state-sponsored actors have been compromising global networks since at least 2021 to collect communications and other intelligence. Actors targeted telecommunications backbone routers, provider- and customer-edge devices, and infrastructure across government, transportation, lodging, and military sectors. They exploited known CVEs (for example CVE-2024-21887, CVE-2024-3400, Cisco CVEs), modified devices to maintain persistence using on-box PCAP/containers and tunnels, and exfiltrated data via peering and covert channels. The advisory includes IP indicators, binary hashes, Yara/Snort rules, hunting guidance, and prioritized mitigations to patch, isolate management planes, harden credentials, and detect PCAP creation.

Russian State-Backed Static Tundra Exploits Cisco Devices

🧭 The author opens with a travel anecdote and practical reminders on securing devices while on the road, urging readers to update, back up, and avoid public charging or untrusted Wi‑Fi. The newsletter highlights field-tested precautions including disabling auto-connect, using VPNs or phone hotspots, enabling device tracking, and carrying power banks. It also warns of an active campaign by a Russian state-backed group targeting Cisco devices via CVE-2018-0171, urging immediate patching and hardening.

Static Tundra: Russian State Actor Targets Cisco Devices

🔒 Cisco Talos identifies the threat cluster Static Tundra as a long-running, Russian state-sponsored actor that compromises unpatched and end-of-life Cisco networking devices to support espionage operations. The group aggressively exploits CVE-2018-0171 and leverages weak SNMP community strings to enable local TFTP retrieval of startup and running configurations, often exposing credentials and monitoring data. Talos also observed persistent firmware implants, notably SYNful Knock, and recommends immediate patching or disabling Smart Install, strengthening authentication, and implementing configuration auditing and network monitoring to detect exfiltration and implanted code.

JJ Cummings on Managing Sensitive Threat Intelligence

🔒 At Talos, JJ Cummings — leader of the Threat Intelligence and Interdiction team — discusses the delicate work of handling partner-provided, sensitive information while conducting nation‑state investigations. He outlines how analysts create unattributable or alternatively attributable reporting to preserve sources and still deliver operationally useful findings. JJ credits colleagues such as Matt Olney and Ryan Pentney and emphasizes his team's role as force multipliers in incident response, threat hunting, and deep analysis.

Talos and NetHope Equip NGOs with Tailored TTX Decks

🔐 Talos, in collaboration with NetHope and Cisco Crisis Response, developed a customized Backdoors & Breaches expansion deck to help humanitarian aid NGOs improve incident response and proactive security within constrained budgets. The cards model real-world challenges—forced relocation, limited connectivity, and scarce resources—to make tabletop exercises practical and relevant for both technical and non-technical teams. Hundreds of physical decks have been distributed and a U.S.-focused edition was created with NGO-ISAC for domestic organizations. Resources and virtual play options are provided to lower barriers to adoption and scale training.