Updated
Updated · linkedin · Jul 13
NSA, CISA, FBI Warn Russian Hackers Exploit Routers Worldwide as 12 Allies Join Advisory
Updated
Updated · linkedin · Jul 13

NSA, CISA, FBI Warn Russian Hackers Exploit Routers Worldwide as 12 Allies Join Advisory

3 articles · Updated · linkedin · Jul 13

Summary

  • A joint advisory from the NSA, CISA, FBI and partners says Russia’s FSB Center 16 is exploiting internet-facing routers and other edge devices worldwide to gain long-term espionage access into critical infrastructure networks.
  • The agencies said the operators mostly abuse basic weaknesses—not zero-days—by scanning for exposed SNMP services, default community strings, outdated firmware and Cisco Smart Install, then exporting router configurations via TFTP.
  • Those stolen configuration files can reveal credentials, VPN settings, internal IP schemes, routing data and firewall rules, giving attackers a blueprint for lateral movement across communications, energy, finance, government, healthcare and defense networks.
  • The warning was co-signed by more than a dozen allied countries and landed as the UK and EU imposed sanctions on Russian cyber actors, with British officials also tying FSB Center 16 to a December 2025 attempted attack on Poland’s energy grid.
  • The advisory urges organizations to disable SNMPv1/v2 and Smart Install, move to SNMPv3, restrict management access, replace weak credentials and retire unsupported hardware—underscoring that basic router hygiene remains a frontline defense.

Insights

With Russia exploiting basic security flaws, are sanctions enough to protect our critical networks?
Why do decade-old hacking techniques still threaten the world’s most critical infrastructure?
As Russia's hybrid war continues, how is cyber espionage shaping the future of global conflict?

Russian FSB Center 16 Launches Global Router Attacks: Critical Infrastructure at Immediate Risk

Overview

On July 13, 2026, a broad international coalition issued an urgent warning about ongoing attacks targeting global routers and networking devices, especially those in critical infrastructure. These attacks are led by Russia's Federal Security Service (FSB) Center 16, a group known by many aliases such as Berserk Bear and Dragonfly. FSB Center 16 uses advanced tools and coordinated campaigns to exploit any vulnerability they find. The coalition urges device owners and network defenders worldwide to review the advisory and quickly implement mitigation and remediation actions to protect against this severe and immediate threat.

...