Some unknown hackers have made use of the NSA hacking tools that were released a few months ago to hack into some targets using firewalls and switches and some routers which the tech company Cisco make. The news was revealed by Cisco itself.
The attack indicates the first real-time attack that has been made using the NSA hacked tools. The tools which were taken from the NSA have been the ones being used rather covertly by the law enforcement agency for the past few years without anyone’s consent. The tools only came to light after a group called the Shadow Brokers dumped a bunch of the files on the Internet.
In a recent security advisory by the company, Cisco wrote that they were aware of several attacks that had been made on their customers. The company noted that the vulnerabilities exploited the way some of the Cisco devices handle encryption, which allowed the hackers to get some confidential information and also extract some of the data from the device by simply sending a packet to the device.
Cisco refused to give any details on who was spied on and hacked to hackers therefore details of the hack are still unknown at the time being since the company says it goes against company policy. The company said that they had decided to release the flaws to the public now because there was knowledge of it already but said they were going to release patches to the problem later. In a statement, one Cisco spokesperson said that if there was any flaws they discovered they would reveal them as per their company policies.
The new vulnerability which is affecting the Cisco devices which run their operating system. These devices also use a protocol key known as the IKEv1 as it sets up a new connection. The name of the flaw is CVE-2016-6415. The protocol it affects is used for virtual private networks, firewalls and in some cases for industrial management control. Cisco has already revealed two flaws before this one, and the disclosure of this new one might show that it is not the last.
One infrastructure security researcher, Michael Toecker said that the exploit actually affected a long chain of the Cisco products, noting that it was as far as a rabbit hole goes.
https://twitter.com/shadowbrokerss/status/764367732745928704
The researcher, who works for Context Industrial Security said that his main worry was the critical control systems which was used for the Cisco VPN products so that they could be used for troubleshoot and maintenance of important facilities. The recent grid attack in Ukraine showed that this was one matter which was not to be brushed aside lightly like that.