Static Tundra Exploits Cisco IOS Flaw for Cyber Espionage
Summary
Hide β²
Show βΌ
The Russian state-sponsored cyber espionage group Static Tundra, also known as Berserk Bear, Blue Kraken, Castle, Crouching Yeti, Dragonfly, Ghost Blizzard, and Koala Team, has been actively exploiting a seven-year-old vulnerability in Cisco IOS and Cisco IOS XE software to gain persistent access to target networks. The attacks target organizations in telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe. The vulnerability, CVE-2018-0171, allows unauthenticated, remote attackers to execute arbitrary code or trigger a denial-of-service condition. The group, linked to the FSB's Center 16 unit, focuses on long-term intelligence gathering operations. The FBI and Cisco Talos have issued advisories warning about the ongoing exploitation of CVE-2018-0171 by Static Tundra. The FBI has observed FSB cyber actors exploiting SNMP and end-of-life networking devices running the unpatched vulnerability to target entities in the United States and globally. The attackers collect configuration files for thousands of networking devices and modify them to facilitate unauthorized access. They use custom tools like SYNful Knock to maintain persistence within victim networks. Static Tundra uses publicly-available scan data to identify systems of interest and sets up GRE tunnels to redirect traffic to attacker-controlled infrastructure. The group's activities are primarily focused on unpatched, end-of-life network devices to establish access on primary targets and facilitate secondary operations. The ongoing campaign highlights the importance of maintaining a current inventory of network infrastructure and prioritizing patching for end-of-life devices. The FBI has also warned about the group targeting US state, local, territorial, and tribal (SLTT) government organizations and aviation entities over the last decade. The U.S. Department of State is offering up to $10 million for information on three FSB officers involved in cyberattacks targeting U.S. critical infrastructure.
Timeline
-
20.08.2025 18:59 π° 5 articles Β· β± 27d ago
Static Tundra Exploits Cisco IOS Flaw for Cyber Espionage
The US Department of State has announced rewards of up to $10 million for information on three FSB officers: Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov. These officers, part of the FSB's Center 16, have been exploiting the CVE-2018-0171 vulnerability in Cisco networking devices to breach organizations across various sectors. The FBI has warned about the ongoing exploitation of this vulnerability, which allows unauthenticated, remote attackers to execute arbitrary code or trigger a denial-of-service condition. The FSB officers targeted more than 380 foreign energy-sector companies in 135 countries and were charged in March 2022 for a campaign between 2012 and 2017 targeting U.S. government agencies and energy companies. The U.S. Department of State encourages reporting through the Tor-based tips-reporting channel for information on the FSB officers' activities. The group's activities are primarily focused on unpatched, end-of-life network devices to establish access on primary targets and facilitate secondary operations. The ongoing campaign highlights the importance of maintaining a current inventory of network infrastructure and prioritizing patching for end-of-life devices. The FBI has also warned about the group targeting US state, local, territorial, and tribal (SLTT) government organizations and aviation entities over the last decade.
Show sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
Information Snippets
-
Static Tundra is exploiting CVE-2018-0171, a critical flaw in Cisco IOS and IOS XE software, to gain persistent access to target networks.
First reported: 20.08.2025 18:59π° 4 sources, 5 articlesShow sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The vulnerability allows unauthenticated, remote attackers to execute arbitrary code or trigger a denial-of-service condition.
First reported: 20.08.2025 18:59π° 3 sources, 3 articlesShow sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
Targeted sectors include telecommunications, higher education, and manufacturing across North America, Asia, Africa, and Europe.
First reported: 20.08.2025 18:59π° 3 sources, 4 articlesShow sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
-
Static Tundra is linked to the FSB's Center 16 unit and has been operational for over a decade.
First reported: 20.08.2025 18:59π° 4 sources, 5 articlesShow sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The FBI has observed FSB cyber actors exploiting SNMP and end-of-life networking devices running the unpatched vulnerability.
First reported: 20.08.2025 18:59π° 4 sources, 5 articlesShow sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The attackers collect configuration files for thousands of networking devices and modify them to facilitate unauthorized access.
First reported: 20.08.2025 18:59π° 3 sources, 3 articlesShow sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
Static Tundra uses custom tools like SYNful Knock to maintain persistence within victim networks.
First reported: 20.08.2025 18:59π° 3 sources, 3 articlesShow sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
The group sets up GRE tunnels to redirect traffic to attacker-controlled infrastructure.
First reported: 20.08.2025 18:59π° 3 sources, 3 articlesShow sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
Static Tundra's activities are primarily focused on unpatched, end-of-life network devices.
First reported: 20.08.2025 18:59π° 3 sources, 3 articlesShow sources
- FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage β thehackernews.com β 20.08.2025 18:59
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
The FBI and Cisco Talos have issued advisories warning about the ongoing exploitation of CVE-2018-0171 by Static Tundra.
First reported: 20.08.2025 22:39π° 2 sources, 3 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
-
Static Tundra has been collecting configuration files from thousands of networking devices used by US organizations in critical infrastructure sectors.
First reported: 20.08.2025 22:39π° 2 sources, 3 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
-
The attackers have been modifying configuration settings to gain unauthorized access and exploring networks for protocols and applications used in industrial systems.
First reported: 20.08.2025 22:39π° 3 sources, 4 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
Static Tundra targets organizations of strategic interest to Moscow, focusing on manufacturing, telecommunications, and higher education sectors.
First reported: 20.08.2025 22:39π° 2 sources, 3 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
-
The group has increased attacks since the start of Russia's war in Ukraine.
First reported: 20.08.2025 22:39π° 3 sources, 3 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
Static Tundra pivots deeper into networks, compromising additional devices and deploying mechanisms to remain undetected for years.
First reported: 20.08.2025 22:39π° 2 sources, 2 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
CVE-2018-0171 affects Cisco devices using a vulnerable release of Cisco IOS or IOS XE software with the Smart Install client feature enabled.
First reported: 20.08.2025 22:39π° 2 sources, 2 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
Static Tundra uses stolen SNMP credentials to control compromised devices, run commands, change settings, and steal configurations.
First reported: 20.08.2025 22:39π° 2 sources, 2 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
The group creates new local user accounts and enables remote access services like Telnet to maintain access.
First reported: 20.08.2025 22:39π° 2 sources, 2 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
Static Tundra uses a Cisco IOS firmware backdoor called SYNful Knock to maintain persistence on infected devices.
First reported: 20.08.2025 22:39π° 2 sources, 2 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
The ongoing campaign highlights the importance of maintaining a current inventory of network infrastructure and prioritizing patching for end-of-life devices.
First reported: 20.08.2025 22:39π° 2 sources, 2 articlesShow sources
- FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw β www.darkreading.com β 20.08.2025 22:39
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
The FBI has issued a public service announcement warning about the Russian hacking group Berserk Bear (also known as Blue Kraken, Crouching Yeti, Dragonfly, and Koala Team) targeting Cisco networking devices using CVE-2018-0171 exploits.
First reported: 21.08.2025 15:04π° 1 source, 1 articleShow sources
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
The group has been targeting US state, local, territorial, and tribal (SLTT) government organizations and aviation entities over the last decade.
First reported: 21.08.2025 15:04π° 1 source, 2 articlesShow sources
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
-
Cisco Talos has observed the Russian threat group Static Tundra aggressively exploiting CVE-2018-0171 to compromise unpatched devices.
First reported: 21.08.2025 15:04π° 1 source, 2 articlesShow sources
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
-
The threat extends beyond Russia's operations, with other state-sponsored actors likely conducting similar network device compromise campaigns.
First reported: 21.08.2025 15:04π° 1 source, 1 articleShow sources
- FBI warns of Russian hackers exploiting 7-year-old Cisco flaw β www.bleepingcomputer.com β 21.08.2025 15:04
-
The U.S. Department of State is offering up to $10 million for information on three FSB officers involved in cyberattacks targeting U.S. critical infrastructure.
First reported: 03.09.2025 22:01π° 2 sources, 2 articlesShow sources
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The three FSB officers, Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulov, are part of the FSB's Center 16 or Military Unit 71330.
First reported: 03.09.2025 22:01π° 2 sources, 2 articlesShow sources
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The FSB officers targeted more than 500 foreign energy companies in 135 countries.
First reported: 03.09.2025 22:01π° 2 sources, 2 articlesShow sources
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The FSB officers were charged in March 2022 for a campaign between 2012 and 2017 targeting U.S. government agencies and energy companies.
First reported: 03.09.2025 22:01π° 2 sources, 2 articlesShow sources
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The FBI warned in August 2025 that the FSB exploited CVE-2018-0171 in end-of-life Cisco networking devices over the past year to breach U.S. critical infrastructure sectors.
First reported: 03.09.2025 22:01π° 2 sources, 2 articlesShow sources
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The U.S. Department of State encourages reporting through the Tor-based tips-reporting channel for information on the FSB officers' activities.
First reported: 03.09.2025 22:01π° 1 source, 1 articleShow sources
- US offers $10 million bounty for info on Russian FSB hackers β www.bleepingcomputer.com β 03.09.2025 22:01
-
The three FSB officers targeted over 380 foreign energy-sector companies in 135 countries.
First reported: 04.09.2025 15:25π° 1 source, 1 articleShow sources
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The suspects targeted American and foreign oil and gas firms, nuclear power plants, renewable energy firms, utility and electrical grid entities, consulting and engineering groups, and advanced technology companies.
First reported: 04.09.2025 15:25π° 1 source, 1 articleShow sources
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
In August 2021, Akulov, Gavrilov, and Tyukov were indicted in the US with substantive charges of computer fraud and abuse, wire fraud, and aggravated identity theft.
First reported: 04.09.2025 15:25π° 1 source, 1 articleShow sources
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The Dragonfly campaign involved obtaining persistent access to victim networks and infecting them with the Havex malware, through supply chain compromise.
First reported: 04.09.2025 15:25π° 1 source, 1 articleShow sources
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
In the second phase of the campaign, referred to as Dragonfly 2.0, the three allegedly targeted over 3,300 users at more than 500 US and international companies and entities, including US government agencies, in spear-phishing attacks.
First reported: 04.09.2025 15:25π° 1 source, 1 articleShow sources
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
-
The FBI tracked the group within the cybersecurity community as Berserk Bear, Blue Kraken, Castle, Crouching Yeti, Dragonfly, Ghost Blizzard, and Koala Team.
First reported: 04.09.2025 15:25π° 1 source, 1 articleShow sources
- US Offers $10 Million for Three Russian Energy Firm Hackers β www.securityweek.com β 04.09.2025 15:25
Similar Happenings
Supply Chain Attack Targeting npm Registry Compromises 40 Packages
A supply chain attack targeting the npm registry has compromised over 187 packages maintained by multiple developers. The attack uses a malicious script (bundle.js) to steal credentials from developer machines. The compromised packages include various npm modules used in different projects. The attack is capable of targeting both Windows and Linux systems. The malicious script scans for secrets using TruffleHog's credential scanner and transmits them to an external server controlled by the attackers. Developers are advised to audit their environments and rotate credentials if the affected packages are present.
UNC6040 and UNC6395 Target Salesforce Platforms in Data Theft Campaigns
The FBI has issued an alert about two cybercriminal groups, UNC6040 and UNC6395, targeting Salesforce platforms for data theft and extortion. UNC6395 exploited compromised OAuth tokens for the Salesloft Drift application, while UNC6040 used vishing campaigns and modified Salesforce tools to breach Salesforce instances. Both groups have been active since at least October 2024, impacting multiple organizations. UNC6040 has been linked to extortion activities, with Google attributing these to a separate cluster, UNC6240, which has claimed to be the ShinyHunters group. The ShinyHunters group, along with Scattered Spider and LAPSUS$, recently announced they are going dark, but experts warn that the threat persists. UNC6040 impersonated corporate IT support personnel to gain access to Salesforce environments and used modified versions of Salesforce's Data Loader to exfiltrate data. Salesforce re-enabled integrations with Salesloft technologies, except for the Drift app, which remains disabled.
Fourth Spyware Campaign Targeting French Apple Users in 2025
Apple has notified French users of a fourth spyware campaign in 2025. The Computer Emergency Response Team of France (CERT-FR) confirmed the alerts on September 3, 2025. The campaign targets individuals based on their status or function, including journalists, lawyers, activists, politicians, and senior officials. The alerts are part of a series of notifications sent throughout the year, with previous alerts on March 5, April 29, and June 25. These alerts indicate that at least one device linked to the users' iCloud accounts may have been compromised in highly-targeted attacks. The campaign follows a previous incident involving a security flaw in WhatsApp (CVE-2025-55177) and an Apple iOS bug (CVE-2025-43300), which were used in zero-click attacks. Apple has been sending these notifications since November 2021. Apple introduced Memory Integrity Enforcement (MIE) in the latest iPhone models to combat memory corruption vulnerabilities.
Akira Ransomware Group Exploits SonicWall SSL VPN Flaws
The Akira ransomware group has been actively exploiting SonicWall SSL VPN flaws and misconfigurations to gain initial access to networks. This campaign has seen increased activity since late July 2025, targeting SonicWall devices to facilitate ransomware operations. The group leverages a combination of security vulnerabilities, including a year-old flaw (CVE-2024-40766) and misconfigured LDAP settings, to bypass access controls and infiltrate networks. Organizations are advised to rotate passwords, remove unused accounts, enable multi-factor authentication, and restrict access to the Virtual Office Portal to mitigate risks. The Australian Cyber Security Centre (ACSC) has acknowledged Akira's targeting of SonicWall SSL VPNs and issued alerts about the increased exploitation of CVE-2024-40766.
Increased browser targeting by threat actors
Threat actors are increasingly targeting web browsers as a primary attack vector. This shift is driven by the browser's central role in accessing sensitive data and cloud applications, making it an attractive target for credential theft and session hijacking. High-profile incidents, such as the Snowflake breach, underscore the need for enhanced browser security measures. The browser's role in accessing sensitive data and cloud applications makes it a prime target for attackers. The Snowflake breach, which exploited stolen credentials, highlights the risks associated with browser-based attacks. Experts emphasize the need for stronger browser security to mitigate these threats. Browser-based attacks include phishing for credentials and sessions, malicious copy & paste (ClickFix), malicious OAuth integrations, malicious browser extensions, malicious file delivery, and exploiting stolen credentials and MFA gaps. These attacks exploit the browser's role in accessing business applications and data, making it crucial for security teams to focus on browser security.