Govt sees red attributing last year’s Cisco switch attacks

The Australian government has blamed Russian state-sponsored actors for attacks on Cisco deviceswhich targeted government and private-sector organisations, critical infrastructure providers, and the internet service providers last year.

A “significant number” of Australian organisations have been affected by the hacking attempt on Cisco devices that use the Smart Install feature. There is, however, “no indication Australian information has been successfully compromised”, the government said today.

“This attempt by Russia is a sharp reminder that Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices,” said Minister for Law Enforcement and Cyber Security Angus Taylor in a statement this morning.

The Australian Cyber Security Centre (ACSC) issued guidance in August last year regarding all switches with Cisco Smart Install accessible from the internet, and routers or switches with Simple Network Management Protocol (SNMP) enabled and exposed to the internet.

They advised users to disable the Smart Install feature as “access to the device may facilitate malicious cyber adversaries gaining access to the information that flows through the device” the centre said at the time.

It is not believed home users were directly impacted.

“Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity,” Taylor said.

The government’s attribution of the attacks to Russia follows a joint statement from the U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) yesterday concerning “malicious cyber activity carried out by the Russian Government”.

“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations,” the statement read.

“Specifically, these cyber exploits are directed at network infrastructure devices worldwide such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS),” the statement notes.

The ACSC has issued advice on how to strengthen vulnerable devices and prevent malicious cyber activity, and have urged all Australian organisations to review that advice on ACSC’s website.