Agencies in the U.S. and United Kingdom this week released an advisory detailing tactics used to exploit a known vulnerability in Cisco routers to deploy malware and recommendations to protect vulnerable Cisco devices. 

“This joint U.S. and U.K. advisory cites with high confidence that elements of the Russian Military Intelligence Service have been exploiting a known vulnerability in Cisco network routers since at least 2017,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Like the SolarWinds compromise, this highlights the ongoing targeting of strategic third-party network technology, which is widely present in government and private-sector networks. These strategic cyberattacks on the technology supply chain may give the Russian government a basis to conduct covert reconnaissance of sensitive networks, steal data and/or pre-position itself for future destructive cyberattacks. It is strongly recommended that the patch for vulnerability CVE-2017-6742 be implemented as soon as possible.”

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
The Health Information Sharing and Analysis Center (H-ISAC) Sept. 19 alerted the health sector to an emerging threat that targets senior executives through…
Headline
The Department of Health and Human Services Sept. 18 alerted the health care sector to a critical vulnerability in ManageEngine products that allows an…
Headline
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday alerted the sector to a ransomware group that…
Headline
The U.S. Treasury Department, in coordination with the United Kingdom, Sept. 7 sanctioned 11 individuals who are part of the Russia-based Trickbot cybercrime…
Headline
The Federal Bureau of Investigations, amid one of the largest-ever U.S.-led enforcement actions against a botnet, Aug. 29 announced the successful takedown of…
Headline
A new resource from the Cybersecurity and Infrastructure Security Agency, National Security Agency and the National Institute of Standards and Technology…