Kaspersky published a research note on Black Energy malware that uses backdoors and exploits on Cisco routers to install a TCL file, perform surveillance or destruction of the device configuration.
And, they revealed that their Cisco routers with different IOS versions were hacked. They weren’t able to connect to the routers any more by telnet and found the following “farewell” tcl scripts in the router’s file system:
PS: Funny bit in the TCL file “Thanks C1sco ltd for the built-in backd00rs and 0-days.
I don’t have to remind you that Cisco IOS often has poor security and needs to be upgraded often. Do I ?