Cisco says hackers subverted its security devices to spy on governments

By Thomson Reuters Apr 24, 2024 | 5:36 PM

By Raphael Satter

WASHINGTON (Reuters) – Technology firm Cisco Systems said that hackers have subverted some of its digital security devices to break in to government networks globally.

In a blog post published on Wednesday, the company said its Adaptive Security Appliances – pieces of equipment that roll several different digital defense functions into one – had previously unknown vulnerabilities that had been exploited by a group of hackers they called “UAT4356.”

The blog post described the group as a “sophisticated state-sponsored actor” and said that the company’s investigation found victims that “involved government networks globally.” Cisco said the vulnerabilities have been patched.

In a statement, the company said it urged customers to take “immediate action” to update their software. It did not give further details on the breaches, which it said dated back to earlier this year.

Security equipment like routers and other so-called edge devices has become an increasingly popular vector for advanced hackers because it resides at the perimeter of a target’s network and can be difficult to monitor.

In its post, Cisco warned that it had seen evidence that the UAT4356 hackers were interested in “and potentially attacking” network devices from Microsoft and other vendors. Microsoft did not immediately return an email.

The Cybersecurity and Infrastructure Security Agency (CISA) said it had “not confirmed evidence of this activity affecting U.S. government networks at this time.” CISA released an alert on the Cisco vulnerabilities on Wednesday.

(Reporting by Raphael Satter in Washington; Editing by Matthew Lewis)