Curated Content | Thought Leadership | Technology News

Retro Hacking: When Old Cisco Gear Becomes Spy Tools

Routers rebooted for espionage.
Emory Odom
Contributing Writer

A series of investigations by cybersecurity firms and researchers have revealed a concerted effort by the Chinese state-sponsored hacking group, Volt Typhoon, to exploit vulnerabilities in end-of-life Cisco routers. This campaign appears to be part of a broader strategy targeting government entities in the United States, United Kingdom, and Australia.

Security Scorecard, a cybersecurity firm, has reported that the hacking entity is exploiting vulnerabilities in discontinued Cisco RV320/325 VPN routers. These devices, which were discontinued in 2019, are particularly vulnerable as they no longer receive software updates from Cisco. The exploited vulnerabilities, CVE-2019-1653 and CVE-2019-1652, are known issues listed in CISA’s Known Exploited Vulnerabilities catalog.

Over a 37-day period, SecurityScorecard observed that approximately 30% of the Cisco RV320/325 devices they monitored were likely compromised by Volt Typhoon. This high rate of compromise indicates a focused and effective campaign. The hackers use a previously unspecified webshell on these routers and other network edge devices, allowing them to maintain access and control over the compromised systems.

The campaign’s geographical focus includes the U.S., U.K., and Australia, with a heavy concentration of compromised devices in these regions. SecurityScorecard’s findings suggest that Volt Typhoon’s activities are more extensive than previously reported, reflecting the easy accessibility of end-of-life devices. The use of a compromised device in New Caledonia as a transit point for Volt Typhoon-related traffic underscores the group’s strategic approach to targeting global communications.

Broader Context of Chinese Cyber Activities

The pattern of targeting aligns with the broader strategy of Chinese nation-state cyber activities. The focus on Western alliance systems, including Five Eyes and AUKUS member countries, suggests a concerted effort to undermine key global players in cybersecurity and international relations.

This is part of a strategic shift in Chinese state-sponsored cyber activities, moving from data theft to targeting critical infrastructure for potential disruption or attack purposes.

Recommendations for Mitigation

Organizations are encouraged to identify vulnerable devices, particularly focusing on end-of-life Cisco RV320/325 routers. Upgrading these devices to supported products is crucial, as is continuous monitoring of network infrastructure to detect and respond to threats. Also it is important to map digital footprints and validate changes in network configurations that may introduce new security issues.

The Wrap

The Volt Typhoon campaign highlights the critical need for vigilant cybersecurity practices, especially in the face of sophisticated state-sponsored threats. The targeting of legacy systems and the exploitation of known vulnerabilities in unsupported hardware underscore the importance of maintaining up-to-date and secure network infrastructure.

As cyber adversaries continue to evolve their tactics, the global community must remain proactive in its defense strategies to protect against such advanced threats.

You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

CIO Insight: IT Spend As a Percentage of Revenue
CIO Professional Network members weigh in on how much of IT spend accounts for revenue.

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.