
The FBI reported intrusions over the past year in which Russian-linked hackers stole configuration files from thousands of U.S. networking devices, some tied to industrial control systems, and modified settings to secure persistent access, despite Moscow’s repeated denials of cyber espionage.
Hackers linked to Russia’s intelligence services have been exploiting a long-standing Cisco software vulnerability to infiltrate thousands of networking devices tied to critical infrastructure worldwide, according to fresh warnings issued Wednesday (August 20) by the FBI and Cisco.
Researchers at Cisco Talos said attackers connected to the Russian Federal Security Service’s (FSB) Center 16 have been systematically harvesting device configuration data from unpatched and outdated Cisco IOS software. The stolen information, they noted, could later be weaponized to support Moscow’s strategic interests.
The FBI confirmed that it has observed intrusions over the past year, with configuration files taken from thousands of U.S. networking devices, many linked to industrial control systems. Investigators warned that in some instances, the hackers altered settings to maintain long-term access, giving them a foothold to conduct reconnaissance and prepare for potential disruptive operations.
Moscow has consistently denied accusations of cyber espionage. The Russian embassy in Washington did not respond to a request for comment on the latest findings.
Global targets and strategic motives
Cisco Talos highlighted that the vulnerability being exploited is more than seven years old, making unpatched or end-of-life devices particularly attractive to attackers. While the current campaign is attributed to Russian state actors, researchers cautioned that other nation-state groups may be running similar operations.
Victims identified in the campaign span several regions, with higher concentrations in North America, Asia, Africa, and Europe. Targeted sectors include telecommunications, higher education, and manufacturing—areas considered strategically valuable to Russian intelligence priorities.
The hacking group tied to the operation has been active for over a decade and is believed to be a subgroup within FSB’s Center 16. The same unit has been previously implicated in campaigns against the global energy sector, with U.S. prosecutors charging four Russian nationals in 2022 for attacks dating back to 2012.
The FBI and Cisco urged organizations to update or replace vulnerable Cisco devices, warning that outdated hardware continues to provide a gateway for advanced espionage campaigns.