HIGHApt
Verified
Europe

APT28 Exploits Cisco Router Vulnerabilities for Long-Term Espionage

Wednesday, March 11, 2026 at 09:00 AM UTC·Source: UK NCSC / NSA

Updated: Thursday, March 12, 2026 at 07:00 AM UTC

Executive Summary

UK NCSC warns APT28 exploiting Cisco router vulnerabilities to establish persistent espionage infrastructure across European government networks.

Analysis

The UK National Cyber Security Centre and US NSA issued a joint advisory warning that APT28 has been exploiting CVE-2026-20145 and older Cisco IOS vulnerabilities to install GRU-developed malware on routers used by European government agencies. The malware, named Jaguar Tooth, enables undetected SNMP-based data exfiltration. Campaign has been active for at least 6 months.

Timeline

Discovered
Sep 1, 2025
Exploitation Detected
Sep 1, 2025
Published
Mar 11, 2026

Indicators of Compromise (1)

CVE (1)
CVE-2026-20145
NVDMITRE CVE
Source Attribution

Originally published by UK NCSC / NSA on Mar 11, 2026. Verified by: UK NCSC, NSA, CISA.

Related Threats

LOWApt

Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative

Cloudflare on Wednesday rolled out EmDash, which it described as “the spiritual successor to WordPress.” The security vendor positioned EmDash as a far more secure site building tool that avoids the extensive cybersecurity problems with WordPress plugins . But the Cloudflare claims go far beyond cybersecurity issues. The vendor is arguing that the very nature of websites in 2026 is sharply differe

CSO Online
MEDIUMApt

Apple Rolls Out DarkSword Exploit Protection to More Devices

The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors. The post Apple Rolls Out DarkSword Exploit Protection to More Devices appeared first on SecurityWeek .

SecurityWeek
HIGHApt

New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay

Executive Overview Advanced persistent threats (APTs) are constantly and consistently changing tactics as network defenders plug holes in defenses. Static indicators of compromise (IoCs) for the BPFDoor have been widely deployed, forcing threat actors to get creative in their use of this particular strain of malware. What they came up with is ingenious. New research from Rapid7 Labs has uncovered

Rapid7