Hackers are exploiting exposed Cisco products, Five Eyes intelligence agencies say

https://www.nextgov.com/cybersecurity/2026/02/hackers-are-exploiting-exposed-cisco-products-five-eyes-intelligence-agencies-say/411694/

Publish Date: 2026-02-25 17:06:00

Source Domain: www.nextgov.com

The Cybersecurity and Infrastructure Security Agency and its overseas intelligence partners said a “significant cyber threat” is exploiting vulnerabilities in Cisco wide-area networking equipment and urged organizations to search for signs that they’ve been compromised. Federal networks are also exposed.

CISA, the NSA and Five Eyes partners — which include cyber agencies in the UK, New Zealand, Canada and Australia — issued the alert Wednesday and said two cyber vulnerabilities — denoted CVE-2026-20127 and CVE-2022-20775 — were discovered on exposed devices.

A concurrent report produced by Cisco’s cyber threat intelligence unit dubbed the hacking group UAT-8616, assessing it as a “highly sophisticated cyber threat actor.” Cisco and the cyberintelligence agencies did not name a particular nation-state affiliation for the hackers.

After confirming that hackers were actively exploiting the previously unknown vulnerability, Cisco researchers said they reviewed historical data and found evidence the malicious activity dated back to at least 2023.

In written remarks, CISA said the conditions pose “an unacceptable risk to federal agencies and necessitate emergency action.” The UK National Cyber Security Centre echoed that concern and said “malicious cyber threat actors are targeting Cisco Catalyst Software Defined Wide Area Networks (SD-WAN) used by organisations globally.”

A critical advisory issued by Cisco said one of the vulnerabilities can let hackers “gain root privileges on the underlying operating system,” giving them access to the affected device. A technical hunt guide was also released with the involved governments.

The advisory adds to a growing list of security alerts tied to Cisco systems, which are commonly deployed in enterprise and government networks. Such devices often manage internet traffic and user authentication, which, if exploited, can provide attackers with elevated access that allows them to potentially…
