Hackers are exploiting exposed Cisco products, Five Eyes intelligence agencies say

A Cisco threat intelligence report calls the cyberintruders “highly sophisticated” but stops short of naming any affiliation with a foreign nation.

The Cybersecurity and Infrastructure Security Agency and its overseas intelligence partners said a “significant cyber threat” is exploiting vulnerabilities in Cisco wide-area networking equipment and urged organizations to search for signs that they’ve been compromised. Federal networks are also exposed.

CISA, the NSA and Five Eyes partners — which include cyber agencies in the UK, New Zealand, Canada and Australia — issued the alert Wednesday and said two cyber vulnerabilities — denoted CVE-2026-20127 and CVE-2022-20775 — were discovered on exposed devices.

A concurrent report produced by Cisco’s cyber threat intelligence unit dubbed the hacking group as UAT-8616, assessing it as a “highly sophisticated cyber threat actor.” Cisco and the cyberintelligence agencies did not name a particular nation-state affiliation with the hackers.

After confirming that hackers were actively exploiting the previously unknown ...