Cisco: Reports about Cyber Actors Hiding in Router Firmware
A few quesitons:
"Modern Cisco devices include secure boot capabilities, which do not allow the loading and executing of modified software images." -> Do the affected devices count as "modern"?
"The stolen code-signing certificates mentioned in the report are not from Cisco." -> How are they relevant then?
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023
Original CISA advisory:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a
buherator /
npub1n3…djee0
2023-09-28 10:58:30
Author Public Key
npub1n3p6whdpmt9k8rxzcmvrs053utg662lfrgdxh7dl9t04ff8sdk7qqdjee0Published at
2023-09-28 10:58:30Event JSON
{
"id": "6c1cd3034ff2145b05b7d9921ec8ae781644e8ad3f1e1b9cdfb993c7cde531cb",
"pubkey": "9c43a75da1dacb638cc2c6d8383e91e2d1ad2be91a1a6bf9bf2adf54a4f06dbc",
"created_at": 1695898710,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.place/objects/245f2164-6a92-44ea-93d0-190b6cf0fb8b",
"activitypub"
]
],
"content": "Cisco: Reports about Cyber Actors Hiding in Router Firmware\n\nA few quesitons:\n\n\"Modern Cisco devices include secure boot capabilities, which do not allow the loading and executing of modified software images.\" -\u003e Do the affected devices count as \"modern\"?\n\n\"The stolen code-signing certificates mentioned in the report are not from Cisco.\" -\u003e How are they relevant then?\n\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023\n\nOriginal CISA advisory:\n\nhttps://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a",
"sig": "d46ef54442a71d93d6ca6cc46194ca63215586c93926c73e8a2e4f59a06ded242e2ffe898ef0a5bbdd9ab963f2fd21586243be503c5a96cb0ce91f820eaefa56"
}