In a recent security development, Norway’s National Security Authority (NSM) issued a stark warning regarding the exploitation of two Cisco vulnerabilities, which have resulted in cyberattacks on what they describe as “important businesses” within the country. The situation underscores the critical importance of cybersecurity measures in safeguarding sensitive information.
The Cisco Vulnerabilities
Cisco, a major player in networking technology, disclosed two critical vulnerabilities (CVE-2023-20198 and CVE-2023-20273) in recent advisories, with the former scoring a perfect 10/10 on the Common Vulnerability Scoring System. These vulnerabilities were actively exploited by cybercriminals as early as September 28, prompting Cisco to release an initial patch on October 22 to address the issue.
Cisco’s Talos Intelligence team reported instances of threat actors accessing customers’ systems using CVE-2023-20198 and deploying malicious implants. After the initial wave of detections, the attackers updated their code to evade them, which caused a drop in the number of compromised systems that were externally observable.
While the implant did not persist after a device reboot, the threat actors were also creating new local user accounts with administrator privileges, further raising concerns about the extent of the compromise.
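Because a reboot clears the implant but not the accounts, the device configuration is where this part of the compromise stays visible. The following is an added example, not code from Cisco, Talos or NSM: it lists local users with privilege level 15 in an IOS XE configuration that are not on an approved list. The sample configuration, usernames and function names are constructed for illustration, and the default privilege level of 1 for users without an explicit level is an assumption.

```python
import re

# Matches IOS XE local-user lines such as:
#   username netops privilege 15 secret 9 <hash>
USER_RE = re.compile(r"^[ \t]*username[ \t]+(\S+)(.*)$", re.MULTILINE)
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$CONSTRUCTED
username readonly privilege 1 secret 9 $9$CONSTRUCTED
username svc_tmp01 privilege 15 secret 9 $9$CONSTRUCTED
username helpdesk secret 9 $9$CONSTRUCTED
!
ip http secure-server
"""


def local_users(config_text):
    """Return {username: highest privilege level} for local users in the config."""
    users = {}
    for name, rest in USER_RE.findall(config_text):
        match = PRIV_RE.search(rest)
        # Assumption: a user line without an explicit level is privilege 1.
        level = int(match.group(1)) if match else 1
        # A user can be split across several lines; keep the highest level seen.
        users[name] = max(level, users.get(name, 0))
    return users


def unexpected_admins(config_text, approved, min_level=15):
    """Return sorted names of local users at or above min_level not in approved."""
    users = local_users(config_text)
    return sorted(
        name for name, level in users.items()
        if level >= min_level and name not in approved
    )


if __name__ == "__main__":
    # Only 'netops' is an approved administrator in this constructed scenario.
    for name in unexpected_admins(SAMPLE_CONFIG, approved={"netops"}):
        print(f"unapproved privilege-15 local user: {name}")
```

The check covers only local accounts present in the configuration text it is given; it says nothing about accounts defined through external authentication.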
National Response and Concerns
Norway’s NSM, led by Chief Sofie Nystrøm, has taken a central role in coordinating the national response to these attacks. However, it has refrained from publicly identifying the specific businesses affected, beyond describing them as “important” and as providing community services. NSM has not said how many organizations were hacked or whether any of them are in the public sector.
The severity of this situation has been described as “very serious,” with Nystrøm emphasizing that this attack surpasses a previous incident this summer involving Norway’s government support agency (DSS). In that incident, hackers accessed data from a dozen government ministries.
Deputy Director Gullik Gundersen highlighted the magnitude of the threat when these vulnerabilities are exploited, noting that attackers can gain complete control over affected systems. It’s imperative for businesses using Cisco IOS XE to promptly update their systems in response to this ongoing incident.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among other credentials, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide knowledge and technical management capabilities go beyond these. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.