Western Infrastructure at Risk: US, UK, and Russia Warn of Government Hackers and Cyber Attacks.
APT28, a Russian state-sponsored hacking group, has been deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers to gain unauthenticated access to the device. The malware is injected directly into the memory of Cisco routers running older firmware versions and exfiltrates information from the router while providing backdoor access. The threat actors exploit the CVE-2017-6742 SNMP vulnerability to install the malware. Cisco recommends upgrading routers to the latest firmware, switching from SNMP to NETCONF/RESTCONF, and configuring allow and deny lists to restrict access to the SNMP interface.