In an advisory of its own, Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there’s no indication they are exploiting vulnerabilities.
If they aren’t exploiting vulnerabilities (and this is all because of mishandling of admin creds) then why are only Cisco routers being targeted?