US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers
C SecurityWeek ·
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key insight
Russian state-sponsored APTs are actively exploiting poorly secured routers in critical infrastructure using seven-year-old known vulnerabilities, signaling a coordinated campaign focused on persistent network presence.
Description
Multiple Russian state-sponsored APT groups are compromising inadequately secured network devices in critical infrastructure sectors. The attackers exploit known vulnerabilities in Cisco routers, particularly CVE-2018-0171, leading to arbitrary code and command execution. Observed TTPs overlap with activities by other actors such as Salt Typhoon, indicating a coordinated or imitated attack pattern. The campaign aims to gain access to network edge devices and establish persistent presence in critical infrastructure networks.
Risk score
- strategic relevance
- 0.75
- consensus penalty
- -5.00
Path: strategic
Consensus check
The pipeline self-checks before delivery. These rules lowered the score:
-
VENDOR_MISMATCHVendor not found in alert title −5
- Consensus penalty:
- −5.0
- Total penalty:
- −5.0