Cisco Customers Hacked with Techniques from NSA’s Leaked Arsenal

Cisco Systems’ security team announced Friday some of the company’s firewall customers have been hacked using a vulnerability exposed by the Shadow Brokers group.

The Shadow Brokers group in August published “cyber weapons” it claimed to be from the National Security Agency-linked Equation Group. The data dump included previous undisclosed zero-day flaws, including an exploit called BENIGNCERTAIN that could potentially be used to exploit legacy Cisco firewalls.

“Cisco Product Security Incident Response Team (PSIRT) is aware of exploitation of the vulnerability for some Cisco customers who are running the affected platforms,” said the company’s security advisory.

An internal security team investigated other products that could be exploited in a similar way and found vulnerabilities in Cisco IOS, Cisco IOS XE, and Cisco IOS XR products, the advisory said.

According to a Motherboard report, this is the “first real-world cyberattack” using the information from the Shadow Brokers data dump.