On September 6th, it was reported that the U.S. Department of State had announced a reward of up to $10 million (approximately 71.32 million RMB) through its “Rewards for Justice” program for information on three Russian hackers.
The hackers were identified as Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulov. They are accused of belonging to Center 16 of Russia’s Federal Security Service (FSB), an intelligence unit also known by codenames such as “Furious Bear,” “Dragonfly,” and “Static Tundra.” The group is alleged to have launched extensive malicious cyberattacks targeting U.S. critical infrastructure and to have attacked over 500 foreign energy companies across 135 countries.
The Federal Bureau of Investigation (FBI) stated that the hackers exploited the CVE-2018-0171 vulnerability in Cisco network devices to infiltrate computer networks globally. Specifically, they leveraged this flaw in conjunction with the Simple Network Management Protocol (SNMP) to successfully steal configuration files from thousands of network devices belonging to critical U.S. industry entities. Following these network intrusions, they reportedly modified device configurations to create unauthorized backdoors.
CVE-2018-0171 affects the Smart Install feature in Cisco IOS and IOS XE and is rated with a CVSS score of 9.8. Although a patch was publicly released in 2018, some outdated devices that could not be upgraded remained exposed for an extended period. This highlights a persistent challenge in cybersecurity: legacy systems often carry vulnerabilities that attackers can exploit. The U.S. government’s emphasis on this specific vulnerability underscores the sophisticated methods used by state-sponsored actors to compromise network security.
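For administrators checking their own switches for the exposure described above (Smart Install left enabled, SNMP reachable without restriction), here is a small configuration audit, added as an example and not part of the original report or of any FBI or Cisco material. It assumes the input is the saved running-config text of a Smart Install-capable IOS or IOS XE switch, where `no vstack` is Cisco's command for disabling the feature; the function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config (illustrative, not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw-01
snmp-server community public RO
snmp-server community n0c-write RW 10
snmp-server community monitor RO SNMP-MGMT
access-list 10 permit 192.0.2.10
"""

# snmp-server community <name> [view <view>] RO|RW [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)? (RO|RW)(?: (\S+))?\s*$",
    re.IGNORECASE,
)

def audit_config(text):
    """Return a list of (severity, message) findings for one running-config."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    # Assumption: Smart Install is on by default where supported, so only an
    # explicit "no vstack" line shows that it has been turned off.
    if "no vstack" not in lines:
        findings.append(("high", "Smart Install not disabled (no 'no vstack' line)"))
    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if not m:
            continue
        community, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
        if acl is None:
            findings.append(("high", f"SNMP community with no ACL ({mode})"))
        if mode == "RW":
            findings.append(("medium", "read-write SNMP community configured"))
        if community.lower() in ("public", "private"):
            findings.append(("high", "default SNMP community name in use"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

A clean result only shows that these two settings are locked down; it does not show that the device runs a patched software release.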
Currently, the “Rewards for Justice” program is soliciting tips through a secure channel on the Tor network. In addition to the substantial monetary reward, the U.S. government may also offer resettlement assistance to individuals who provide information that helps to disrupt these ongoing cyberattack operations. This comprehensive approach, combining financial incentives with potential safety provisions, aims to encourage the flow of actionable intelligence to counter sophisticated cyber threats.
