The Australian government has condemned Russian state-sponsored hackers for a series of attacks against government agencies and businesses that targeted commercial Cisco routers and switches in 2017.
Following condemnation from US and UK counterparts, cybersecurity minister Angus Taylor said that the government had determined Russian "state-sponsored actors" were responsible for the attacks last year.
Taylor said in a statement that a number of Australian organisations were affected, though there was no indication that information had been successfully compromised. Affected businesses have already been contacted by the government.
"Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity," Taylor said.
"This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cybersecurity practices."
Attackers targeted Cisco routers and switches by using the smart install feature on devices. Switches with smart install accessible from the internet, and devices with simple network management protocol (SNMP) enabled were vulnerable to malicious activity.
Extracted files could contain sensitive information such as administrative credentials, which could be used to compromise devices.
The ACSC recommends administrators to review logs for unusual activity, including configurations or command output obtained by external sources via TFTP, SNMP queries from unexpected sources and configuration of unexpected GRE tunnels.
To prevent malicious activity, the ACSC recommends disabling SNMP if it's not required, implementing access control lists to restrict SNMP access and configuring anti-spoofing at the edge of the network, and disabling Cisco smart install if not required.
The ACSC' full guidance to prevent future attacks against Cisco devices can be accessed here.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
