Moscow exploiting seven-year-old Cisco flaw, says FBI | Computer Weekly


Threat actors linked to the Russian government are falling back on a seven-year-old vulnerability in Cisco equipment that was first uncovered in 2018, according to a new warning from the FBI.

The flaw in question, tracked as CVE-2018-0171, exists in the Smart Install (SMI) feature of Cisco’s Internetwork Operating System (IOS) and IOS XE. It arises through the improper validation of packet data and is exploited by sending a specially-crafted Smart Install message to a vulnerable device on TCP port 4786.

If left unpatched, the flaw enables an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on the device or to achieve remote code execution (RCE) on it.

In the past year, the FBI said, it had detected threat actors collecting configuration files from thousands of end-of-life network devices vulnerable to CVE-2018-0171 that are still in use at multiple critical national infrastructure (CNI) operators in the US.

“On some vulnerable devices, the actors modified configuration files to enable unauthorised access to those devices,” said the FBI in a statement.

“The actors used the unauthorised access to conduct reconnaissance in the victim networks, which revealed their interest in protocols and applications commonly associated with industrial control systems.”
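The two checks below are an added example for triaging CVE-2018-0171 exposure; they are not code from the Computer Weekly article, from Cisco or from the FBI. The first reads a switch's running-config and reports whether the Smart Install client has been disabled with the Cisco IOS global command `no vstack` and whether an access-list entry denies TCP/4786; because the client defaults to on for the affected switches, the config only carries `no vstack` when someone turned it off, so its absence is treated as exposed (confirm on the box with `show vstack config`). The second scans flow records for TCP/4786 sessions from outside the management ranges and escalates when the targeted switch then sends a TFTP (UDP/69) transfer back to the same host, which is how an abused Smart Install client hands over its configuration. The config text, flow records, addresses and the 300-second window are constructed for the example.

```python
"""Added example: Smart Install (CVE-2018-0171) exposure checks.
Not code from Computer Weekly, Cisco or the FBI; sample data is constructed."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int        # epoch seconds, flow start
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int
    nbytes: int


SMI_PORT = 4786
TFTP_PORT = 69

# Constructed running-config: an ACL denying 4786 exists, but `no vstack` is absent.
SAMPLE_CONFIG = """\
hostname cat3750-edge
!
ip access-list extended SMI_HARDENING
 permit tcp host 10.20.0.5 any eq 4786
 deny tcp any any eq 4786
 permit ip any any
!
interface Vlan1
 ip address 10.10.1.2 255.255.255.0
"""

# Constructed flows: admin SSH; an external Smart Install session followed by the
# switch pushing ~47 KB back to the same host over TFTP; an in-band SMI session.
SAMPLE_FLOWS = [
    Flow(1000, "10.20.0.5", "10.10.1.2", "tcp", 22, 3200),
    Flow(1100, "203.0.113.44", "10.10.1.2", "tcp", SMI_PORT, 96),
    Flow(1130, "10.10.1.2", "203.0.113.44", "udp", TFTP_PORT, 48000),
    Flow(1500, "10.20.0.5", "10.10.1.3", "tcp", SMI_PORT, 90),
]


def audit_running_config(config: str) -> dict:
    """Report which Smart Install mitigations the config shows and whether action is needed."""
    disabled = re.search(r"^no vstack\s*$", config, re.M) is not None
    acl_deny = re.search(r"^\s*deny\s+tcp\s+any\s+any\s+eq\s+4786\s*$", config, re.M) is not None
    return {
        "smart_install_disabled": disabled,
        "acl_denies_4786": acl_deny,
        # The ACL is an interim measure; the feature should be off wherever it is not needed.
        "needs_action": not disabled,
    }


def find_smart_install_sessions(flows, mgmt_nets, window_s=300):
    """Flag TCP/4786 sessions; escalate when a TFTP transfer to the peer follows."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]

    def from_mgmt(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    findings = []
    for s in sorted(flows, key=lambda f: f.ts):
        if not (s.proto == "tcp" and s.dport == SMI_PORT):
            continue
        severity = "info" if from_mgmt(s.src) else "high"
        tftp_back = [
            t for t in flows
            if t.proto == "udp" and t.dport == TFTP_PORT
            and t.src == s.dst and t.dst == s.src
            and s.ts <= t.ts <= s.ts + window_s
        ]
        if tftp_back:
            severity = "critical"  # switch handed something to the SMI peer
        findings.append({
            "switch": s.dst,
            "peer": s.src,
            "severity": severity,
            "tftp_bytes": sum(t.nbytes for t in tftp_back),
        })
    return findings


if __name__ == "__main__":
    print(audit_running_config(SAMPLE_CONFIG))
    for finding in find_smart_install_sessions(SAMPLE_FLOWS, ["10.20.0.0/16"]):
        print(finding)
```

Run against the sample data, the config audit reports the ACL but still flags the device for action, and the flow scan rates the external session followed by TFTP as critical while the session from the management range is recorded as informational. In-band Smart Install sessions are expected on a network that uses the feature, which is why they are not dropped.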

Berserk Bear

The US authorities said the unit conducting the current spate of intrusions was likely Berserk Bear, aka Dragonfly, a cyber unit of Russia’s Federal Security Service, the FSB. The group is known to have targeted networking devices, particularly those that accept legacy protocols, and has previously used custom malware built specifically for Cisco products, notably a strain referred to as SYNful Knock.

Cisco Talos researchers Sara McBroom and Brandon White said that Cisco had observed Berserk Bear – Static Tundra in its parlance – acting against Cisco products since at least 2015, and urged users to patch against CVE-2018-0171 as a matter of urgency.

“Customers are strongly urged to apply the patch immediately given active and ongoing exploitation of the vulnerability…. Devices that are beyond end of life and cannot support the patch require additional security precautions as detailed in the 2018 security advisory. Unpatched devices with Smart Install enabled will continue to be vulnerable to these and other attacks unless and until customers take action,” they said.

McBroom and White also pointed out that the threat actor’s targeting extends beyond the US and North America, with primary targets including organisations in the higher education, manufacturing and telecoms sectors in Asia, Africa and Europe. Berserk Bear’s victims appear to be selected based on their strategic value to the Russian government’s geopolitical and intelligence goals, they added.

“We assess that Static Tundra’s two primary operational objectives are, one, compromising network devices to gather sensitive device configuration information that can be leveraged to support future operations, and two, establishing persistent access to network environments to support long-term espionage in alignment with Russian strategic interests.

“Because of the large global presence of Cisco network infrastructure and the potential access it affords, the group focuses heavily on the exploitation of these devices and possibly also the development of tools to interact with and persist on these devices,” warned McBroom and White.



SITA launches campus network to keep airport operations connected | Computer Weekly


Air industry tech firm SITA has launched a managed network service designed to support the demands of complex airport and transport environments, so that airlines can run critical operations on networks that are set up and run for them, removing the complexity and cost of managing connectivity themselves.

With around 2,500 customers, SITA technology supports more than 1,000 airports and more than 19,600 aircraft worldwide. The company said that it also helps more than 70 governments “strike the balance between secure borders and seamless journeys” and connects 45-50% of the industry’s data exchange to enable complex global networks to operate smoothly and reliably.

As part of the latter aim, the SITA Campus Network, powered by HPE Aruba Networking, offers a managed network service covering more than 150 countries in which SITA takes care of the design, procurement, shipping, installation, configuration and support for all devices involved. Citing a low total cost of ownership (TCO), SITA describes it as “one of the most competitive” fully managed local area network/wireless local area network (LAN/WLAN) offerings available in the industry.

Explaining the rationale for the launch, SITA noted that managing networks across multiple locations, devices and suppliers is complex and costly. Furthermore, it said that when networks are fragmented, performance suffers and disruptions can spread quickly.

SITA Campus Network is said to remove this burden by delivering a fully managed network across wired and wireless environments. The campus network is claimed to combine “robust” connectivity with centralised, cloud-based management to ensure consistent, reliable performance across airport campuses and other large transport hubs.

Designed for high-density environments such as terminals, hangars and airline operations centres, the solution is said to support large volumes of users and devices without compromising performance, even during peak demand. By integrating HPE technology into its managed service, SITA’s customers get a network that is centrally operated by SITA while retaining the flexibility to use different technologies and vendors.

Available in more than 145 countries, with 24/7 operational support, SITA assured that by reducing the need for costly hardware and simplifying operations the network lowers both upfront investment and ongoing costs. Its pay-as-you-go model allows customers to scale usage up or down based on demand, with rapid deployment across locations.

This is said to reduce the need for on-site support, spare equipment and recurring training, freeing up IT teams to focus on higher-value activities. Where needed, the campus network connects to SITA’s global wide-area network services. This connectivity links more than 600 airports worldwide.

As is the norm with other leading networking solutions, the SITA Campus Network uses AI to improve visibility across the network, detect issues earlier and automate troubleshooting, helping reduce downtime. It also provides centralised management, allowing infrastructure and devices to be monitored and controlled across both on-site systems and remote environments.

Martin Smillie, SITA senior vice-president of communications and data exchange, said integrating diverse systems and devices across airport environments is becoming more complex as operations become more connected: “At the same time, expectations on performance, resilience and security continue to rise. With SITA Campus Network powered by Aruba, we take on that complexity. We deliver a network that is set up, run and continuously optimised, so our customers can focus on keeping operations moving while maintaining control across increasingly demanding environments.”

Sujai Hajela, executive vice-president and general manager for enterprise campus and branch at HPE, added: “Airports and airlines have to support thousands of staff, passengers and mission critical systems across terminals, gates and airside areas – and any network issue shows up immediately as delays and frustration.

“SITA Campus Network powered by HPE Aruba Networking is built on our secure, AI-native technology to deliver a self-driving network that spots and fixes problems in real time, often before anyone notices, so operations keep moving and passengers stay connected.”



Chinese hackers using compromised networks to spy on Western companies, says Five Eyes | Computer Weekly


China-linked hackers are using networks of vulnerable internet-connected devices, including home routers, printers and smart devices, as cover to mount espionage and hacking operations.

The technique is now used by the majority of China-linked hackers as a way to obscure hacking and espionage attacks launched against organisations in the West.

The UK’s National Cyber Security Centre (NCSC) and national agencies in nine other countries have warned today that Chinese-linked groups are now leveraging networks of infected devices “at scale” to target critical sectors globally and steal sensitive data.

According to an advisory issued by the Five Eyes intelligence-sharing alliance – comprising the UK, the US, Canada, Australia and New Zealand – and 10 other countries, Chinese groups are exploiting security vulnerabilities in unpatched internet devices to create networks to use as a staging post to launch further attacks.

“We know that China’s intelligence and military agencies now display an eye-watering level of sophistication in their cyber operations,” said NCSC chief Richard Horne in a speech at its CyberUK conference in Glasgow.

Covert networks hide ‘indicators of compromise’

The agencies warn that the Chinese tactics are making it difficult for organisations to detect and attribute malicious attacks on their computer networks using traditional “indicators of compromise”.

Chinese groups, for example, could use a UK-based infected device as a staging post to hack into a UK-based company, meaning that blocking non-UK IP addresses no longer provides a defence against attacks mounted from overseas.

They advise companies to adopt “adaptive, intelligence-driven measures” to better mitigate the risks, including monitoring traffic from internet-connected devices, virtual private networks (VPNs) and remote access devices to identify suspicious traffic.

Chinese-linked groups are able to evade detection by exploiting low-cost networks of infected devices that can rapidly be reconfigured so that traditional static IP block lists are no longer effective.

The networks are used for each phase of a cyber attack, from reconnaissance and malware delivery, to command and control and data exfiltration against targets of espionage and offensive cyber operations, according to the advisory.

Covert networks behind major hacking operations

Covert networks of compromised devices have been used by the Chinese state-sponsored group Volt Typhoon to pre-position for future attacks on critical national infrastructure (CNI).

The group has targeted communications, energy, transport and water services in the US, and has been able to maintain covert access to critical IT systems for five years or more.

It used a network of vulnerable Cisco and Netgear routers that were no longer supported by the manufacturers and were no longer receiving security patches.

Another Chinese group, Flax Typhoon, has used a covert network of 260,000 compromised devices, including routers, firewalls, webcams and CCTV cameras, to conduct cyber espionage against targets in multiple countries.

Hacking as a service

Chinese hacking groups have a choice of covert networks, each with potentially hundreds of thousands of endpoints, which frequently change, making it more difficult for companies targeted to block attacks, according to the advisory.

Chinese information security companies have maintained networks of infected devices, available as a service for Chinese-linked hacking groups.

Chinese company Integrity Technology Group controlled a network known as Raptor Train, which infected more than 200,000 devices worldwide in 2024.

Companies advised to take countermeasures

The NCSC advises companies to map internet-connected devices in their organisation and corporate VPNs, so they can understand which traffic is legitimate.

They should also introduce multifactor authentication (MFA) when employees use remote connections to dial into business networks.

Larger organisations can profile incoming connections based on operating systems, time zones, and the organisation’s systems configurations to identify legitimate traffic.

The Five Eyes and the NCSC advise the most at-risk organisations to actively track Chinese advanced persistent threats (APTs), using threat reports supplied by the NCSC to create dynamic block lists and rules to detect incoming threats.
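The block below is an added example of the per-connection profiling the advisory recommends for remote access; it is not code from the Computer Weekly article or from the Five Eyes agencies. Each login is scored against what that user has looked like before (client operating system, time zone and source network) rather than against a static country or IP block list, which a relay box sitting on a domestic home router passes cleanly. An unfamiliar source network that is a consumer ISP range is weighted twice, because that is the shape of a compromised home device. The log records, addresses, ASN table and threshold are constructed; a real deployment would feed in VPN or identity-provider sign-in events and an IP-to-ASN enrichment source.

```python
"""Added example: baseline-driven scoring of remote-access logins.
Not code from Computer Weekly or the Five Eyes advisory; sample data is constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Login:
    ts: int
    user: str
    src_ip: str
    client_os: str
    tz: str


# Constructed enrichment: address prefix -> (ASN, network category).
ASN_TABLE = {
    "198.51.100.": ("AS64500", "corporate"),
    "192.0.2.": ("AS64502", "consumer_isp"),    # alice's home ISP
    "203.0.113.": ("AS64501", "consumer_isp"),  # another domestic consumer ISP
}

# Constructed history: alice signs in from the office and from home, Windows, London time.
HISTORY = [
    Login(1000, "alice", "198.51.100.10", "Windows 11", "Europe/London"),
    Login(2000, "alice", "198.51.100.12", "Windows 11", "Europe/London"),
    Login(3000, "alice", "192.0.2.15", "Windows 11", "Europe/London"),
]

# Constructed candidates: alice from home, and alice's credentials used through a
# domestic relay box on a third ISP with a client that does not match hers.
HOME_LOGIN = Login(4000, "alice", "192.0.2.9", "Windows 11", "Europe/London")
RELAY_LOGIN = Login(4100, "alice", "203.0.113.44", "Linux", "Europe/London")

REVIEW_THRESHOLD = 2  # assumed cut-off for step-up authentication or analyst review


def enrich(ip: str):
    """Look up (ASN, category) for an address in the constructed table."""
    for prefix, info in ASN_TABLE.items():
        if ip.startswith(prefix):
            return info
    return ("unknown", "unknown")


def build_baseline(history):
    """Per user: the client OSes, time zones and source ASNs seen before."""
    base = defaultdict(lambda: {"os": set(), "tz": set(), "asn": set()})
    for login in history:
        b = base[login.user]
        b["os"].add(login.client_os)
        b["tz"].add(login.tz)
        b["asn"].add(enrich(login.src_ip)[0])
    return base


def score_login(login, baseline):
    """Return (score, reasons); one point per attribute the user has not shown before."""
    b = baseline.get(login.user)
    if b is None:
        return 3, ["no history for user"]
    asn, category = enrich(login.src_ip)
    reasons = []
    if login.client_os not in b["os"]:
        reasons.append(f"new client OS {login.client_os}")
    if login.tz not in b["tz"]:
        reasons.append(f"new time zone {login.tz}")
    if asn not in b["asn"]:
        reasons.append(f"new source network {asn}")
        if category == "consumer_isp":
            # Unfamiliar residential network: counted a second time.
            reasons.append("unfamiliar consumer ISP range")
    return len(reasons), reasons


def verdict(login, baseline):
    """'review' when the score reaches the threshold, else 'allow'."""
    score, reasons = score_login(login, baseline)
    return ("review" if score >= REVIEW_THRESHOLD else "allow"), score, reasons


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for candidate in (HOME_LOGIN, RELAY_LOGIN):
        print(candidate.user, candidate.src_ip, verdict(candidate, base))
```

Both candidate logins arrive from domestic consumer addresses, so a country block list treats them identically; the baseline comparison lets the genuine home login through with a score of zero and sends the relayed one for review on the strength of the unfamiliar client and network.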

“In recent years, we have seen a deliberate shift in cyber groups based in China utilising these networks to hide their malicious activity in an attempt to avoid accountability,” said Paul Chichester, NCSC director of operations. “We call on organisations to act now to better defend their critical assets.”



Top Chirp Discount Codes: Up to 67% Off


Chirp reinvented the wheel—or at least one type, the yoga wheel. Chirp Wheels are effective in relieving upper and lower back pain, sciatica, and tension headaches. WIRED contributor Hannah Singleton has said the Chirp Wheel XR-3 Pack has even helped undo her tech neck and alleviate her brain fog.

Recently, the wellness brand has expanded beyond its flagship wheels into recovery gear. The lineup now includes powered rolling massagers (which I’ve been using a lot lately for back pain relief), TENS units, and even a full massage table (Chirp Contour) that I’m currently testing (stay tuned for the full review). Where Chirp stands out from heavyweights like Hyperice and Therabody is in its simplicity and value. The products tend to focus on doing one thing well rather than piling on features you may never use. Chirp promos and discounts run frequently on the Chirp website, and we have Chirp discount codes, so you can get an even better deal on recovery gear that’s already reasonably priced.

Save up to 67% on Chirp Products With Daily Deals

I like checking Chirp’s Daily Deals page because the exclusive offers rotate frequently, and you can save as much as 67%. I’ve spotted the Chirp Wheel XR 3-Pack on there, but you’ll also find different versions of the wheel, along with storage accessories. Some wheels skip the pressure-point nodes, which can feel better if you’re focusing on improving spinal mobility and flexibility rather than digging into stubborn knots. If the Chirp RPM Mini pops up at a special discount, it’s worth considering for your first purchase. It’s essentially an electric roller that kneads muscles more gently than most percussive massage guns; it also comes with a carrying case, so you can toss it in a bag and take it with you.

Get a Free Chirp Wheel+ Deep Tissue 2-Pack When You Spend $99 or More

Spend $99 or more, and Chirp will throw in a complimentary Chirp Wheel+ Deep Tissue 2-Pack, which retails for $75. The bundle includes two wheels: a 6-inch Deep Tissue Wheel designed for larger muscle groups and a 4-inch Focus Wheel meant to target trigger points in the neck and other small areas. You’ll need to sign up for the email newsletter to claim the freebie before adding it to your order.

Get Free Shipping on Chirp Orders Over $75

Chirp customers receive free shipping on U.S. orders over $75, and the perk stacks with the brand’s daily deals and most codes. If you time it right, you can shave a decent chunk off the final price. No promo code at checkout required.

Chirp Discount Code: Select Customers Can Get 15% Off

Chirp offers a 15% discount to certain groups through an online verification process. That includes: active-duty military personnel, veterans, and their dependents; first responders and law enforcement officers; medical professionals and healthcare workers; and teachers and academic administrators at any grade level.


