
Cisco routers targeted in recent attacks, FireEye says

Discussion in 'CSO' started by RSS, Sep 15, 2015.

  1. RSS

    RSS New Member Member

    Researchers at FireEye have discovered fourteen compromised Cisco routers, in four different countries, suggesting an attack vector once thought theoretical in nature has now become a reality.

    In a blog post on Tuesday, FireEye reported the discovery of compromised Cisco devices in Ukraine, the Philippines, Mexico, and India.

    The attack is being called SYNful Knock. Fancy names aside, what the attackers are doing is leveraging default or discovered credentials to modify the router's firmware in order to maintain persistence on a victim's network.

    "The implant consists of a modified Cisco IOS image that allows the attacker to load different functional modules from the anonymity of the internet. The implant also provides unrestricted access using a secret backdoor password," the blog post explains.
