By Alex Scroxton
Publication Date: 2026-02-25 12:30:00
The UK’s National Cyber Security Centre (NCSC) and its partner agencies in the Anglophone Five Eyes intelligence-sharing group have warned users of Cisco Catalyst Software Defined Wide Area Networks (SD-WAN) to take immediate action after identifying a cluster of threat activity targeting the widely used products.
The activity appears indiscriminate in its targeting, but the modus operandi is largely the same – following compromise, the as-yet-unnamed threat actors add a malicious rogue peer before conducting follow-on actions to achieve root access and maintain persistent access to the victim’s network.
“Our new alert makes clear that organisations using Cisco Catalyst SD-WAN products should urgently investigate their exposure to network compromise and hunt for malicious activity, making use of the new threat hunting advice produced with our international partners to identify evidence of compromise,” said NCSC chief technology officer (CTO) Ollie Whitehouse.
“UK…