Russian hackers continue to infiltrate vital networks via overlooked routers.
A global alert indicates that outdated firmware, weak passwords, and insecure settings are providing state-sponsored hackers with an easy target.
Russian state-sponsored cybercriminals have been taking advantage of a persistent vulnerability in critical infrastructure networks for over ten years. Many organizations continue to leave misconfigured and outdated routers accessible on the internet.
In a collaborative cybersecurity warning, the NSA, CISA, FBI, and their international partners caution that hackers associated with Center 16 of Russia's Federal Security Service are still focusing on at-risk networking equipment. The sectors most at risk include energy, healthcare, and government networks.
A neglected device can leak credentials and disclose how a larger network is structured.
How routers are being exposed
The attackers inspect publicly accessible networks for routers utilizing poorly secured versions of Simple Network Management Protocol, commonly known as SNMP. Devices that accept standard or default authentication credentials can be directed to duplicate their configuration files and transmit them to servers controlled by the attackers.
The cyber operatives from the Russian Federal Security Service (FSB) Center 16 continue to exploit inadequately configured and vulnerable networking devices globally, focusing on critical infrastructure sectors. These vulnerabilities can provide hostile actors access to the systems that… pic.twitter.com/K5Po1v87Fu— FBI Phoenix (@FBIPhoenix) July 14, 2026
Older Cisco devices offer another entry point. The group has taken advantage of known vulnerabilities and exploited Cisco Smart Install, a feature often left enabled long after installation. This does not require elaborate hacking techniques when outdated protocols and weak configurations are already vulnerable.
What attackers gain from a router
Router configuration files can store credentials and illustrate the layout of a network. Once duplicated, that information enables hackers to pinpoint other systems and determine where to focus their attacks.
Misha / Unsplash
The operation is centered on acquiring access rather than causing immediate disruption. This subtler strategy may keep a breach concealed while providing the Russian government with intelligence that could be valuable as its strategic needs evolve. The router serves as just the initial target, with the true assets hidden beyond it.
How organizations can close the door
The agencies advise replacing old routers, updating firmware, and disabling Cisco Smart Install. Network defenders should also transition from outdated SNMPv1 and SNMPv2 protocols to SNMPv3, which offers enhanced authentication and encryption.
Organizations are encouraged to adopt strong, unique passwords and limit management protocols to trusted devices. They should also monitor for suspicious requests and unusual local-account logins.
These are fundamental security practices, but neglecting them means state-sponsored hackers may not need to deploy their most sophisticated tools. Organizations should promptly audit their internet-exposed networking devices, particularly any router that is no longer receiving security updates.
Other articles
Russian hackers continue to infiltrate vital networks via overlooked routers.
State-sponsored Russian hackers are taking advantage of unmaintained routers to infiltrate vital infrastructure networks, leading agencies around the globe to advise organizations to upgrade old equipment and enhance fundamental network security measures.
