
FBI Warns Russian Hackers Targeted 'Thousands' of Critical US Infrastructure IT Systems (thehill.com)

(Sunday August 24, 2025 @11:34AM (EditorDavid) from the network-effects dept.)


[1]The Hill reports:

> Russian state-sponsored hackers have targeted thousands of networking devices associated with U.S. critical infrastructure sectors over the past year, [2]the FBI warned Wednesday. The cyber actors are associated with the Russian Federal Security Service's (FSB) Center 16 and have taken aim at a vulnerability in certain Cisco devices, according to an agency public service announcement.

>

> In some cases, hackers have been able to modify configuration files to enable unauthorized access, which they have used to conduct reconnaissance on networks. This has "revealed their interest in protocols and applications commonly associated with industrial control systems," the FBI said.

>

> Cisco's threat intelligence research arm, Talos, explained in a separate advisory that a subcluster of this group, which it has named "Static Tundra," is targeting a seven-year-old vulnerability in the company's Smart Install feature. The firm has offered a patch for the vulnerability, but it remains a problem in unpatched and end-of-life network devices, it warned.

"Once they establish initial access to a network device, Static Tundra will pivot further into the target environment, compromising additional network devices and establishing channels for long-term persistence and information gathering," warns [3]the Talos blog. "This is demonstrated by the group's ability to maintain access in target environments for multiple years without being detected."

In [4]a statement emailed to The Register, a Cisco spokesperson "said the company is aware of ongoing exploitation targeting this flaw."

> "We strongly urge customers to immediately upgrade to fixed software versions as outlined in [5]the security advisory and follow our published security best practices," the spokesperson said, directing customers to the FBI's announcement and Cisco Talos blog for additional details.

>

> The ongoing campaign targets telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, "with victims selected based on their strategic interest to the Russian government," according to Talos researchers Sara McBroom and Brandon White. "We assess that the purpose of this campaign is to compromise and extract device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government," McBroom and White [6]wrote.

>

> And while both security alerts focus on the FSB's latest round of network intrusions, "many other state-sponsored actors also covet the access these devices afford," the Talos team warned. "Organizations should be aware that other advanced persistent threats (APTs) are likely prioritizing carrying out similar operations as well."

Some [7]context from Hot Hardware:

> Cisco indicated in its advisory that "Only Smart Install client switches are affected by the vulnerability". The list of affected devices is in Table A-1 here. For a successful attack, hackers exploit a vulnerability tracked as CVE-2018-0171. This was a vulnerability that was patched way back in 2018.
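The advisories above describe two defender-relevant facts: the attackers modify device configuration files to enable unauthorized access, and the affected feature is the Smart Install client. The following is an added example (not code from the summary, Cisco, or Talos) that audits an IOS running-config against a known-good baseline for both: it assumes Smart Install is disabled by the `no vstack` line, and the watch-list patterns and sample configs are constructed for the demo.

```python
"""Baseline-vs-current config audit for Cisco IOS devices (added example).

Assumption: Smart Install is turned off when the running-config contains
`no vstack`; its absence means the client feature may be active.
The SENSITIVE patterns and both sample configs below are constructed.
"""
import re

# Constructed watch-list: lines whose appearance can grant or widen remote
# access. Extend for your own environment.
SENSITIVE = [
    r"^username \S+ privilege 15",
    r"^snmp-server community \S+ RW",
    r"^ip http(?: secure)?-server",
    r"^aaa authentication login \S+ none",
    r"^transport input (?:all|telnet)",
    r"^enable password ",
]

def smart_install_exposed(config: str) -> bool:
    """True unless the config explicitly contains `no vstack`."""
    return not any(line.strip() == "no vstack" for line in config.splitlines())

def sensitive_additions(baseline: str, current: str) -> list:
    """Lines present in current but not in baseline that match a watch pattern."""
    base = {l.strip() for l in baseline.splitlines()}
    added = [l.strip() for l in current.splitlines()
             if l.strip() and l.strip() not in base]
    return [l for l in added if any(re.match(p, l) for p in SENSITIVE)]

def audit(baseline: str, current: str) -> dict:
    """Combine both checks into one report for a device."""
    return {"smart_install_exposed": smart_install_exposed(current),
            "sensitive_additions": sensitive_additions(baseline, current)}

# Constructed sample: the known-good baseline for a switch ...
BASELINE = """\
hostname core-sw1
no vstack
username netops privilege 15 secret 9 <hash>
line vty 0 4
 transport input ssh
"""
# ... and a drifted current config: `no vstack` gone, a new admin user,
# a writable SNMP community and telnet re-enabled on the VTY lines.
CURRENT = """\
hostname core-sw1
username netops privilege 15 secret 9 <hash>
username svc-backup privilege 15 secret 9 <hash>
snmp-server community public RW
line vty 0 4
 transport input all
"""

if __name__ == "__main__":
    print(audit(BASELINE, CURRENT))
```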



[1] https://thehill.com/policy/technology/5463287-russian-hackers-targeting-critical-infrastructure-it-systems-fbi/

[2] https://www.ic3.gov/PSA/2025/PSA250820

[3] https://blog.talosintelligence.com/static-tundra/

[4] https://www.theregister.com/2025/08/20/russian_fsb_cyberspies_exploiting_cisco_bug/

[5] https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20180328-smi2.html

[6] https://blog.talosintelligence.com/static-tundra/

[7] https://hothardware.com/news/fbi-warns-cisco-device-russian-hacking



Man Russia is getting a lot (Score:1)

by 50000BTU_barbecue ( 588132 )

Of mileage out of washing machine CPUs!

They stopped using Windows11 .. (Score:2)

by burni2 ( 1643061 )

.. so they can get much more mileage out of decent and very cheap 2nd hand hardware.

Re: (Score:1)

by Anonymous Coward

Trump probably slipped him a few better ones as part of his Russian appeasement program.

I'm surprised the FBI is allowed to tell us they caught some Russians. Didn't Trump stop them from reporting things like that already?

Critical Systems? (Score:3, Insightful)

by dbialac ( 320955 )

Why are critical systems on the internet?

Re: (Score:2)

by namgge ( 777284 )

Why is Russia on the internet?

Re:Critical Systems? (Score:4)

by ole_timer ( 4293573 )

cost savings

Re: Critical Systems? (Score:2)

by Dragonslicer ( 991472 )

Because some of them are part of the Internet?

Re: (Score:2)

by dbialac ( 320955 )

Let me clarify: water, power, gas, sewage. Why are these on the internet? They go down and we're in a really bad situation. I've been through enough natural disasters in Florida and North Carolina to know what that's like. Given that, I have an idea how catastrophic that will be if that happens everywhere. In the disasters I've been through, utility companies come in from all over the country to help out. They won't be available if everything is wiped out. The entire country will be crippled. If these utili

Re: (Score:2)

by jenningsthecat ( 1525947 )

I agree with your sentiment, but something you said needs to be expanded upon:

> Let me clarify: water, power, gas, sewage. Why are these on the internet? They go down and we're in a really bad situation.

Some people may not realize that managing these items has become so complex that computers and data comms are critical. We can and should discuss whether or not the open internet is a suitable backbone for the job, either as a primary or as a backup. But wide-area data communications in utilities management is a necessity.

Personally, I'd like to see closed networks using dedicated lines and microwave towers as required. That would

Re: Critical Systems? (Score:1)

by dunqstooze ( 8340805 )

So that the control operators can WFH.

What will be Trump's response to this aggression (Score:2, Informative)

by sixminuteabs ( 1452973 )

Maybe he will give Putin another blowjob in the back of the beast

In other words... (Score:4, Insightful)

by YuppieScum ( 1096 )

...America failed to realise that other people could follow their Stuxnet playbook, and so failed to ensure that the country's critical infrastructure was properly hardened against attack.

Of course, most of that infrastructure is in private hands, and shareholder dividends always trump investment.

Re: In other words... (Score:2)

by solo2racer ( 695453 )

If we ever get into a hot war with Russia or China, they're going to shut the US down as hard as the Cylons did in BSG 2004.

Re: (Score:2)

by ArchieBunker ( 132337 )

My electricity supplier is owned by a consortium of global private equity firms. Remind me again why this was allowed to happen?

cyber defence (Score:3, Interesting)

by homerbrew ( 10094532 )

It comes right when our "leader" killed our cyber defense and actively removed any monitoring of Russia (probably he was commanded to by Putin). We are so screwed thanks to the incompetence pouring out of DC today.

Re: (Score:2)

by jacks smirking reven ( 909048 )

His supporters would say this is his "madman" negotiating style but it's been 9 years of this and what great deal has his tactic or in general has he made that nobody else could have? Nobody believes him, it's all for show, he's a coward and a terrible negotiator.

tRump dismantled cyber security for Russia (Score:3)

by SysEngineer ( 4726931 )

tRump shut down the cyber security group that protected the US from Russian attacks.

Trump's Boyfriend at it Again (Score:3)

by BrendaEM ( 871664 )

We have too many traitors in the country.

Re: (Score:2)

by sacrilicious ( 316896 )

So were Trump and Satan just a summer thing?

What did anyone expect? (Score:3)

by Lobotomy656 ( 7554372 )

President Epstein dismantled US cybersecurity like the good KGB agent he is, stopped monitoring for threats so they have an easier time, and publicly said "what you gonna do?" when asked by the press about those attacks. Repeat after me: the US elected Russian agent Krasnov as president and the GOP is ecstatic about it.

"was patched"? (Score:2)

by clovis ( 4684 )

The summary had a comment from the Cisco advisory, "This was a vulnerability that was patched way back in 2018." I doubt that is true.

A correct statement would be "This was a vulnerability for which a patch was released way back in 2018."

Speaking as a retired sysadmin, I can assure you those two sentences are not the same at all.
