Organisations are advised to identify Cisco devices running Smart Install within their networks, evaluate the need of running this feature, and remove or secure the feature as required. Both the ACSC and Cisco documentation contain details on how to accomplish this.
Russian state-sponsored actors are responsible for activity targeting Cisco devices using the Smart Install feature worldwide, including Australia.
Cisco has published the actions needed to secure the Smart Install feature in, Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature.
The ACSC has previously released guidance on cyber adversaries targeting this feature to extract configuration files from routers and switches of a number of Australian organisations.
Preventing malicious activity
- Australian Government Minister for Law Enforcement and Cyber Security media release: Australian Government attribution of cyber incident to Russia
- UK NCSC Advisory: Russian state-sponsored cyber actors targeting network infrastructure devices
- UK NCSC: Joint US-UK statement on malicious cyber activity carried out by Russian government
- US CERT: Joint US-UK Technical Alert TA18-106A