Malicious cyber threat actors are targeting Cisco Catalyst Software Defined Wide Area Networks (SD-WAN) used by organisations globally. These actors are compromising SD-WANs to add a malicious rogue peer and then conduct a range of follow-on actions to achieve root access and maintain persistent access to the SD-WAN.
This cluster of cyber threat activity has targeted organisations using Cisco Catalyst SD-WANs globally. A Hunt Guide has been prepared based on observations from various investigations; it details the tactics, techniques, and procedures (TTPs) leveraged by these malicious actors. The Hunt Guide aims to support network defenders in conducting detection and threat hunting activities, and provides mitigation guidance to reduce the risk from the observed TTPs.
The Hunt Guide is being released by the following authoring and co-sealing agencies:
- Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
- Canadian Centre for Cyber Security (Cyber Centre)
- New Zealand National Cyber Security Centre (NCSC-NZ)
- United Kingdom National Cyber Security Centre (NCSC-UK)
- United States Cybersecurity and Infrastructure Security Agency (CISA)
- United States National Security Agency (NSA)
Cisco has released software updates for Cisco Catalyst SD-WAN Manager and Cisco Catalyst SD-WAN Controller.
