The Register: US puts $10M bounty on three Russians accused of attacking critical infrastructure

Source URL: https://www.theregister.com/2025/09/04/us_10m_bounty_fsb_attackers/
Source: The Register

Feedly Summary: Seven-year-old Cisco vuln that remains inexplicably unpatched is their way in
The US State Department has put a $10 million bounty on the heads of three Russians accused of being intelligence agents hacking America’s critical infrastructure – primarily via old Cisco kit, it seems.…

Summary: The text discusses a seven-year-old vulnerability in Cisco equipment that remains unpatched and that three Russians, accused of being intelligence agents, are said to have used to attack America’s critical infrastructure. The case shows what is at stake for infrastructure security when vulnerability management is not timely.

Detailed Description:
The text highlights a long-standing vulnerability in Cisco devices and its alleged exploitation by foreign intelligence, framed as a national security issue. The main points:

- **Unpatched Vulnerability**: The core of the issue is a seven-year-old vulnerability in Cisco equipment that remains unpatched, raising concerns about infrastructure security.
- **State Department Response**: The U.S. State Department’s decision to put a $10 million bounty on three Russians accused of being intelligence agents underscores the severity and urgency of the threat posed to critical infrastructure.
- **Exploitation of Legacy Systems**: The text implies that older technology, particularly Cisco kit, continues to be targeted, emphasizing the risks associated with aging infrastructure and the importance of continued support and patching.
- **Critical Infrastructure Targeting**: The focus on critical infrastructure signals a broader risk landscape, in which outdated protection measures leave systems exposed to breaches.
- **Implications for Security Governance**: There is a pressing need for improved vulnerability management, regular updates, and comprehensive threat detection mechanisms to protect against sophisticated adversaries.

In summary, this scenario is a reminder for security and compliance professionals to prioritize patch management and to reevaluate the security posture of legacy systems.