Skip to main content
close search
site logo
Dive Brief

FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations

The intrusions have exploited a vulnerability in Cisco’s networking equipment software.

Published Aug. 21, 2025
Eric Geller's headshot
Senior Reporter
Cisco logo at a conference in Barcelona Spain on Feb. 28, 2022
A logo sits illuminated outside the Cisco booth on day 1 of the GSMA Mobile World Congress on Feb. 28, 2022 in Barcelona, Spain. On Aug. 20, the FBI and Cisco announced that Russia-linked hackers were targeting the company's products. David Ramos via Getty Images

First published on

Cybersecurity Dive

Hackers linked to the Russian government have been exploiting a vulnerability in Cisco networking devices to target critical infrastructure organizations, the FBI said on Wednesday.

“In the past year, the FBI detected the actors collecting configuration files for thousands of networking devices associated with US entities across critical infrastructure sectors,” the bureau said in an alert.

The Cybersecurity and Infrastructure Security Agency lists energy among 16 critical infrastructure sectors.

The hackers, whom the FBI linked to the Russian Federal Security Service’s Center 16, have been taking advantage of a bug in Cisco’s IOS software, tracked as CVE-2018-0171, to execute arbitrary code on unpatched and end-of-life network switches made by Cisco and Rockwell Automation.

In some cases, the attackers modified configuration files to gain access to the devices and conduct reconnaissance focused on “protocols and applications commonly associated with industrial control systems,” according to the FBI.

FSB, aka Berserk Bear, Dragonfly

The FSB’s Center 16, which has conducted operations that researchers track using the names “Berserk Bear” and “Dragonfly,” has spent more than a decade penetrating computer systems by exploiting networking devices’ use of unencrypted protocols, the FBI said.

Cisco researchers on Wednesday published their own account of the Russia-linked group, which they call Static Tundra. The group focuses on telecommunications, education and manufacturing organizations around the world, Cisco said, “with victims selected based on their strategic interest to the Russian government,” mostly in Ukraine and its allies.

Both the FBI and Cisco linked the FSB’s Center 16 to the SYNful Knock malware, which Google detected in four countries, including Ukraine, in 2015.

Cisco said the group’s operations against Ukrainian targets have increased significantly since Moscow expanded its invasion of Ukraine in 2022. “Static Tundra was observed compromising Ukrainian organizations in multiple verticals,” Cisco said, “as opposed to previously more limited, selective compromises typically being associated with this threat actor.”

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Technosylva and AiDASH Partner to Integrate Vegetation Management and Wildfire Risk Mitigation
From Technosylva
August 21, 2025
Technosylva logo
How Western States Can Achieve Grid Decarbonization with Singularity, EnergyTag, & CleanCounts
From CleanCounts
August 05, 2025
Clearway Announces New High-Performance Computing Data Center Colocated with Texas Wind Farm
From Clearway Energy Group
August 06, 2025
Clearway Energy Group logo
Lucasys Recognized Again on Inc. 5000 List of America’s Fastest-Growing Private Companies
From Lucasys Inc
August 12, 2025
Lucasys Inc logo
Editors' picks
Latest in Grid Security & Reliability
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.