Written by Cyber Threat Intelligence Unit on 21 April 2023

CISA and Cisco warn of routers targeted by Russian APT

On Tuesday, April 18th, the Cybersecurity and Infrastructure Security Agency (CISA) posted a joint advisory with Cisco on the threat to routers targeted by Russian intelligence cyberattackers, better known as APT28, or Fancy Bear.

The router maker, Cisco, says that the threat actor exploited well-known vulnerabilities, using malware and abusing the Simple Network Management Protocol (SNMP), to gain administrative rights for espionage purposes. Cisco had previously warned against unpatched or poorly configured routers, recommending immediate remediation, which it released for customers.

APTs from different countries are well known for compromising network infrastructure, such as routers or firewalls, especially because these devices are a weak spot that often runs out-of-date software. They use them for espionage or prepositioning purposes.

BabLock (aka Rorschach) Ransomware

The new and sophisticated BabLock stealth ransomware seems to be an iteration of other strains such as LockBit 2.0. BabLock was based on LockBit 2.0, combined with elements of other ransomware for optimization. However, there is no official link with the LockBit 3.0 ransomware group.

Its first appearance, in June 2022, went undetected, partly due to its speed and stealth, but also its multiple versions. This originally Russian-speaking ransomware was seen in Europe, Asia, Kuwait, and the United States.

BabLock is cryptolocker malware, but it isn't based on a double-extortion model, as it doesn't threaten to leak data.
