Cisco says hackers have been exploiting critical SD-WAN bug since 2023

Cisco revealed hackers exploited a critical bug in its SD-WAN products since 2023, affecting large enterprises and critical infrastructure worldwide.

San Francisco: Cisco researchers found that hackers have been breaking into large customer networks since 2023 using a severe bug in the company's popular SD-WAN products. The vulnerability, rated 10.0 out of 10 for severity, lets attackers remotely take control of these devices and stay hidden inside victim networks. By exploiting the bug over the internet, attackers can gain full system access and spy on or steal data for long periods.

Some of the affected organizations are critical infrastructure, which could mean power grids, water supplies, or transportation networks. The hacking activity started at least three years ago, and Cisco has evidence of continued exploitation. Government agencies in the U.S., Australia, Canada, New Zealand, and the United Kingdom say the problem affects organizations around the world.

The U.S. Cybersecurity and Infrastructure Security Agency told all federal agencies to fix their systems immediately because of the serious danger. The agency is working with fewer people due to a partial government shutdown but still says hackers are actively targeting systems right now. Cisco hasn't said who is behind the attacks or whether it is a specific group or country, though it tracks one activity cluster as UAT-8616. The company also warns about another equally dangerous bug from December in its Async software, which is used across many products.
