Users of Cisco networking hardware have been warned about malware linked to the US National Security Agency (NSA) targeting a particular range of Cisco's products.
The malware is believed to have been used by the hacking group known as Equation Group, which has been linked by some to the NSA.
The group has a portfolio of hacking tools that is known to have taken advantage of a series of zero-day security flaws over the course of almost a decade.
It is believed to have been active since around 2000, but has flown under the radar owing to the nation-state nature of its typical targets.
Cisco, meanwhile, seems keen not to play up the security risk detailed in its security advisory cisco-sa-20160916-ikev1. Dull but worthy, the advisory describes a flaw that affects Cisco products running IOS, IOS XE and IOS XR software.
Worryingly, perhaps, Cisco said that there are no workarounds and that the company will release the fixes when it has them.
"A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information," said the advisory.
"The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests."
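The advisory describes the bug class in one phrase: "insufficient condition checks" in code that walks IKEv1 negotiation requests, so that a packet whose declared lengths disagree with the bytes actually received causes the parser to read memory it should not. The following is an added example, not Cisco's code and not a reproduction of the Cisco flaw: a generic ISAKMP/IKEv1 payload-chain validator that performs the length checks a defensive parser needs, run over a few constructed packets (a well-formed Main Mode request, one with an oversized payload length, one with a payload length smaller than its own header, and one whose header length disagrees with the datagram size). The header layout follows RFC 2408; the sample SPI and payload bodies are constructed values.

```python
import struct

# ISAKMP fixed header (RFC 2408 section 3.1): two 8-byte cookies/SPIs,
# next payload, version, exchange type, flags, message ID, total length.
ISAKMP_HDR_LEN = 28
# Generic payload header (section 3.2): next payload, reserved, payload length.
PAYLOAD_HDR_LEN = 4
IKEV1_VERSION = 0x10            # major 1, minor 0
EXCH_IDENTITY_PROTECTION = 2    # Main Mode
SA_PAYLOAD = 1
VENDOR_ID_PAYLOAD = 13


def build_ikev1_packet(payloads, declared_total=None, declared_lengths=None):
    """Construct an IKEv1 Main Mode request from (type, body) pairs.

    declared_total / declared_lengths override the real sizes so that the
    validator can be exercised with inconsistent length fields. Constructed
    test data only; the SPI is a placeholder."""
    body = b""
    for i, (_ptype, data) in enumerate(payloads):
        next_type = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        plen = PAYLOAD_HDR_LEN + len(data)
        if declared_lengths and declared_lengths[i] is not None:
            plen = declared_lengths[i]
        body += struct.pack("!BBH", next_type, 0, plen) + data
    first_type = payloads[0][0] if payloads else 0
    total = ISAKMP_HDR_LEN + len(body) if declared_total is None else declared_total
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, first_type,
                      IKEV1_VERSION, EXCH_IDENTITY_PROTECTION, 0, 0, total)
    return hdr + body


def validate_ikev1(packet):
    """Walk the payload chain, checking every length against bytes received.

    Returns (ok, reason, payloads) where payloads is a list of (type, body)
    parsed so far. Every check here is the kind of condition a parser must
    apply before trusting a length field to index into a buffer."""
    if len(packet) < ISAKMP_HDR_LEN:
        return False, "truncated ISAKMP header", []
    next_type, version, _exch, _flags, _msg_id, total = struct.unpack(
        "!BBBBII", packet[16:ISAKMP_HDR_LEN])
    if version >> 4 != 1:
        return False, "not IKEv1", []
    if total != len(packet):
        return False, f"header length {total} != received {len(packet)}", []
    offset = ISAKMP_HDR_LEN
    payloads = []
    while next_type != 0:
        if offset + PAYLOAD_HDR_LEN > len(packet):
            return False, "payload header runs past end of packet", payloads
        following, _reserved, plen = struct.unpack(
            "!BBH", packet[offset:offset + PAYLOAD_HDR_LEN])
        if plen < PAYLOAD_HDR_LEN:
            return False, f"payload length {plen} smaller than its own header", payloads
        if offset + plen > len(packet):
            return False, f"payload claims {plen} bytes, only {len(packet) - offset} remain", payloads
        payloads.append((next_type, packet[offset + PAYLOAD_HDR_LEN:offset + plen]))
        offset += plen
        next_type = following
    if offset != len(packet):
        return False, "trailing bytes after last payload", payloads
    return True, "ok", payloads


# Constructed samples: one well-formed request and three with inconsistent lengths.
GOOD = build_ikev1_packet([(SA_PAYLOAD, b"\x00\x00\x00\x01" + b"\x00" * 20),
                           (VENDOR_ID_PAYLOAD, b"\xaa" * 16)])
OVERSIZED = build_ikev1_packet([(SA_PAYLOAD, b"\x00" * 24)], declared_lengths=[0x4000])
UNDERSIZED = build_ikev1_packet([(SA_PAYLOAD, b"\x00" * 24)], declared_lengths=[2])
BAD_TOTAL = build_ikev1_packet([(SA_PAYLOAD, b"\x00" * 24)], declared_total=1500)


def triage(samples):
    """Map each sample name to the validator's verdict string."""
    return {name: validate_ikev1(pkt)[1] for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, reason in triage({"good": GOOD, "oversized": OVERSIZED,
                                "undersized": UNDERSIZED, "bad_total": BAD_TOTAL}).items():
        print(f"{name:10s} {reason}")
```

The three rejected packets are exactly the shapes a parser with a missing or incomplete check would accept and then read past: a payload length larger than the remaining datagram, a length too small to advance the cursor, and a header total that disagrees with the bytes on the wire. Checking each one before the slice is what turns a memory-disclosure bug into a dropped packet.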
Worryingly, the firm confirmed that it has already heard from customers affected by the flaw, proving that it has been actively exploited.
"Cisco Product Security Incident Response Team (PSIRT) is aware of exploitation of the vulnerability for some Cisco customers who are running the affected platforms."
Cisco's security blog covered the Equation Group threat in August after an even more shadowy group called the Shadow Brokers hacked the Equation Group and released a trove of its hacking tools.
Cisco issued guidance at the time because its equipment was mentioned in the related documents.
"Just as technology advances, so too do the nature and sophistication of attacks. Prolonging the use of older technology exponentially increases risk," the firm explained.
"That said, we are deeply concerned with anything that may affect the integrity of our products or our customers' networks, and Cisco remains steadfast in the position that we should be notified of all vulnerabilities if they are found.
"We look to defend our customers against attacks from any source, and our preventative technology and processes to investigate and fix vulnerabilities are industry-leading."