Skip to content
Auto-CTI
Back to today
NEW Russian APT (unspecified), Salt Typhoon CRITICAL C3

US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers

C SecurityWeek ·

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key insight

Russian state-sponsored APTs are actively exploiting poorly secured routers in critical infrastructure using seven-year-old known vulnerabilities, signaling a coordinated campaign focused on persistent network presence.

Description

Multiple Russian state-sponsored APT groups are compromising inadequately secured network devices in critical infrastructure sectors. The attackers exploit known vulnerabilities in Cisco routers, particularly CVE-2018-0171, leading to arbitrary code and command execution. Observed TTPs overlap with activities by other actors such as Salt Typhoon, indicating a coordinated or imitated attack pattern. The campaign aims to gain access to network edge devices and establish persistent presence in critical infrastructure networks.

Risk score

70
strategic relevance
0.75
consensus penalty
-5.00

Path: strategic

Consensus check

The pipeline self-checks before delivery. These rules lowered the score:

  • VENDOR_MISMATCH Vendor not found in alert title −5
Consensus penalty:
−5.0
Total penalty:
−5.0
ESC