{"id":51528,"date":"2023-04-19T12:57:31","date_gmt":"2023-04-19T12:57:31","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34533\/Russian-Snoops-Just-Love-Invading-Unpatched-Cisco-Gear-America-And-UK-Warn.html"},"modified":"2023-04-19T12:57:31","modified_gmt":"2023-04-19T12:57:31","slug":"russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/","title":{"rendered":"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn"},"content":{"rendered":"<p>The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance.<\/p>\n<p>In a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.ncsc.gov.uk\/news\/apt28-exploits-known-vulnerability-to-carry-out-reconnaissance-and-deploy-malware-on-cisco-routers\">joint advisory<\/a> issued Tuesday, the UK National Cyber Security Centre (NCSC), the NSA, America&#8217;s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI provided details about how Russia&#8217;s APT28 \u2014 aka FancyBear and Stronium \u2014 exploited an old vulnerability in unpatched Cisco routers in 2021 to collect network information belonging to European and US government organizations, and about 250 Ukrainian victims.<\/p>\n<p>APT28 is understood to be a key cog in the Russian military intelligence machine: it&#8217;s a GRU-linked crew responsible for, among other things, the <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.gov.uk\/government\/news\/uk-enforces-new-sanctions-against-russia-for-cyber-attack-on-german-parliament\">2015 theft<\/a> of data from the German parliament, the <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2018\/11\/13\/russia_immune_dnc_hack\/\" rel=\"noopener\">US Democratic National Committee ransacking<\/a> a year later, the <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.gov.uk\/government\/speeches\/minister-for-europe-statement-attempted-hacking-of-the-opcw-by-russian-military-intelligence\">attempted intrusion<\/a> into the UK Organisation for the Prohibition of Chemical Weapons in April 2018, and a slew of more recent <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/04\/08\/microsoft-russia-stronium-domains\/\" rel=\"noopener\">cyberattacks against Ukraine<\/a> since the Russian invasion began.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;TTPs in this advisory may still be used against vulnerable Cisco devices,&#8221; the governments&#8217; advisory said, referring to the tactics, techniques, and procedures employed by Russia to compromise the networking gear.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>To be clear: this is a nearly six-year-old vulnerability that Cisco <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20170629-snmp\">disclosed and fixed<\/a> in 2017. The networking vendor updated its security advisory when it became aware of in-the-wild exploits of the now-patched bug.<\/p>\n<p>In a separate warning, also issued on Tuesday, Cisco said it&#8217;s not just Russian spies attempting to attack network infrastructure \u2014 and it&#8217;s not just Cisco gear they&#8217;re going after.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;Cisco is deeply concerned by an increase in the rate of high-sophistication attacks on network infrastructure \u2014 that we have observed and have seen corroborated by numerous reports issued by various intelligence organizations \u2014 indicating state-sponsored actors are targeting routers and firewalls globally,&#8221; Cisco Talos Threat Intelligence Director Matt Olney <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/blog.talosintelligence.com\/state-sponsored-campaigns-target-global-network-infrastructure\/\">said<\/a>.<\/p>\n<p>In an interview with <em>The Register<\/em>, JJ Cummings, Cisco Talos national intelligence principal, said the IT giant&#8217;s threat hunting team has seen this type of router targeting being used for espionage, and to support more descriptive attacks, much more recently than 2021.<\/p>\n<blockquote class=\"pullquote\" readability=\"7\">\n<p>Network operators are incentivized &#8230; to maintain a high-availability, operational environment. We&#8217;re seeing devices go [unpatched] for years at a time<\/p>\n<\/blockquote>\n<p>&#8220;Network operators are, frankly, incentivized, and their whole goal is to maintain a high-availability, operational environment for the rest of their organization,&#8221; Cummings said. &#8220;When they&#8217;re incentivized to do this, we&#8217;re seeing cases where devices go untouched for years at a time, or even longer potentially, all in the name of maintaining that uptime and that availability.&#8221;<\/p>\n<p>That long-term availability comes at the cost of unpatched gear: updates are not applied to avoid downtime or any interruption of business. &#8220;The security of that device isn&#8217;t always front of mind,&#8221; Cummings said.<\/p>\n<h3 class=\"crosshead\">Abusing SNMP with a &#8216;Jaguar Tooth&#8217; bite<\/h3>\n<p>In the 2021 attacks, the Kremlin spies used the simple network management protocol (SNMP) to access Cisco routers worldwide. This protocol is normally used by network administrators to monitor and configure devices remotely. As was the case with Russia, it can be wielded against vulnerable and poorly protected equipment to infiltrate organizations&#8217; networks.<\/p>\n<p>&#8220;A number of software tools can scan the entire network using SNMP, meaning that poor configuration such as using default or easy-to-guess community strings, can make a network susceptible to attacks,&#8221; the NCSC said. &#8220;Weak SNMP community strings, including the default &#8216;public&#8217;, allowed APT28 to gain access to router information.&#8221;<\/p>\n<p>After exploiting weak SNMP community strings to access routers, the attackers deployed Jaguar Tooth malware [<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.ncsc.gov.uk\/static-assets\/documents\/malware-analysis-reports\/jaguar-tooth\/NCSC-MAR-Jaguar-Tooth.pdf\">PDF<\/a>], which collected more device information and sent it back to the intruders over trivial file transfer protocol (TFTP), and also enabled unauthenticated backdoor access to the network so that Moscow&#8217;s snoops could maintain persistence.<\/p>\n<p>Talos, for its part, said Cisco&#8217;s not the only device maker in nation-state spies&#8217; crosshairs. Its team spotted one scanning tool targeting &#8220;almost 20&#8221; router and switch manufacturers, Olney noted.&nbsp;<\/p>\n<p>Plus, Chinese spies are just as likely as their Russian counterparts to target network equipment, the Talos alert added, citing a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa22-158a\">CISA warning<\/a> from June 2022.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;It is reasonable to conclude that <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/blogs.cisco.com\/security\/shadow-brokers\">any sufficiently capable<\/a> national intelligence operation would develop and use the capability to compromise the communications infrastructure of their preferred targets,&#8221; Olney wrote.<\/p>\n<p>&#8220;We have observed traffic manipulation, traffic copying, hidden configurations, router malware, infrastructure reconnaissance and active weakening of defenses by adversaries operating on networking equipment,&#8221; he continued. &#8220;Given the variety of activities we have seen adversaries engage in, they have shown a very high level of comfort and expertise working within the confines of compromised networking equipment.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34533\/Russian-Snoops-Just-Love-Invading-Unpatched-Cisco-Gear-America-And-UK-Warn.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10478],"class_list":["post-51528","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlinegovernmentusabritainrussiaflawciscospyware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-19T12:57:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn\",\"datePublished\":\"2023-04-19T12:57:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/\"},\"wordCount\":773,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,government,usa,britain,russia,flaw,cisco,spyware\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/\",\"name\":\"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2023-04-19T12:57:31+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,government,usa,britain,russia,flaw,cisco,spyware\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinegovernmentusabritainrussiaflawciscospyware\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/","og_locale":"en_US","og_type":"article","og_title":"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-04-19T12:57:31+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn","datePublished":"2023-04-19T12:57:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/"},"wordCount":773,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","keywords":["headline,government,usa,britain,russia,flaw,cisco,spyware"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/","url":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/","name":"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2023-04-19T12:57:31+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZEAqb5-Pv5Aw1a6gkoFbMQAAAFQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/russian-snoops-just-love-invading-unpatched-cisco-gear-america-and-uk-warn\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,government,usa,britain,russia,flaw,cisco,spyware","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinegovernmentusabritainrussiaflawciscospyware\/"},{"@type":"ListItem","position":3,"name":"Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51528"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51528\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}