The FBI has issued a warning regarding Russian hackers who have been compromising numerous networking devices related to critical infrastructure IT systems. These criminals are exploiting a flaw in older Cisco software.
Cisco Talos, the company’s threat intelligence division, reported that this group has targeted organizations within the telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe. Unlike typical ransomware attacks, these hackers select victims based on their strategic importance to Russia.
According to the Cisco Talos blog, this hacking operation is known as Static Tundra—a state-sponsored cyber espionage group operating in support of Russia’s long-term intrusion campaigns into strategically significant organizations. Their objective is to gather bulk configuration data, which can later be utilized depending on the current strategic goals and interests of the Russian government.
“Russia’s cyber attacks are a recurring issue, but critical infrastructure faces an elevated risk during periods of geopolitical tension, particularly from adversaries like Russia, Iran, and China,” stated Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “Ongoing diplomatic talks between the U.S. and Russia concerning the conflict in Ukraine could shift cybersecurity dynamics, thus critical infrastructure sectors such as industrial and financial ones should maintain heightened vigilance.”
Long-Term Missions
The investigation shows that these intrusions are long-running: Static Tundra has been active for more than a decade and has maintained undetected access to its targets throughout.
In the latest incidents, hackers altered configuration files to gain unauthorized entry into the devices, subsequently using this access to carry out reconnaissance within the victim networks. They displayed particular interest in protocols and applications linked with industrial control systems.
Exploiting Old Vulnerabilities
To achieve such access, the hackers capitalized on a seven-year-old vulnerability present in Cisco IOS software. Despite this flaw being identified and addressed many years ago, they targeted unpatched and end-of-life network devices to steal configuration data and establish persistent control.
“The majority of vulnerabilities exploited by cyber adversaries like Russia can be mitigated through the implementation and enforcement of zero-trust policies along with regular network and software vulnerability testing and patching,” Goldberg explained. “Financial institutions, in particular, should reassess and test their disaster-recovery planning playbooks during the third and fourth quarters of 2025 to ensure robust cyber threat response measures are in place.”