|
In a blog post published on Wednesday, the company said its
Adaptive Security Appliances - pieces of equipment that roll
several different digital defense functions into one - had
previously unknown vulnerabilities that had been exploited by a
group of hackers they called "UAT4356."
The blog post described the group as a "sophisticated
state-sponsored actor" and said that the company's investigation
found victims that "involved government networks globally."
Cisco said the vulnerabilities have been patched.
In a statement, the company said it urged customers to take
"immediate action" to update their software. It did not give
further details on the breaches, which it said dated back to
earlier this year.
Security equipment like routers and other so-called edge devices
has become an increasingly popular vector for advanced hackers
because it resides at the perimeter of a target's network and
can be difficult to monitor.
In its post, Cisco warned that it had seen evidence that the
UAT4356 hackers were interested in "and potentially attacking"
network devices from Microsoft and other vendors. Microsoft did
not immediately return an email.
The Cybersecurity and Infrastructure Security Agency (CISA) said
it had "not confirmed evidence of this activity affecting U.S.
government networks at this time." CISA released an alert on the
Cisco vulnerabilities on Wednesday.
(Reporting by Raphael Satter in Washington; Editing by Matthew
Lewis)
[© 2024 Thomson Reuters. All rights
reserved.]
Copyright 2022 Reuters. All rights reserved. This material may
not be published, broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
