Russian hackers continue to infiltrate vital networks via overlooked routers.

Russian hackers continue to infiltrate vital networks via overlooked routers.

      A global alert indicates that outdated firmware, weak passwords, and insecure settings are providing state-sponsored hackers with an easy target.

      Russian state-sponsored cybercriminals have been taking advantage of a persistent vulnerability in critical infrastructure networks for over ten years. Many organizations continue to leave misconfigured and outdated routers accessible on the internet.

      In a collaborative cybersecurity warning, the NSA, CISA, FBI, and their international partners caution that hackers associated with Center 16 of Russia's Federal Security Service are still focusing on at-risk networking equipment. The sectors most at risk include energy, healthcare, and government networks.

      A neglected device can leak credentials and disclose how a larger network is structured.

      How routers are being exposed

      The attackers inspect publicly accessible networks for routers utilizing poorly secured versions of Simple Network Management Protocol, commonly known as SNMP. Devices that accept standard or default authentication credentials can be directed to duplicate their configuration files and transmit them to servers controlled by the attackers.

      The cyber operatives from the Russian Federal Security Service (FSB) Center 16 continue to exploit inadequately configured and vulnerable networking devices globally, focusing on critical infrastructure sectors. These vulnerabilities can provide hostile actors access to the systems that… pic.twitter.com/K5Po1v87Fu— FBI Phoenix (@FBIPhoenix) July 14, 2026

      Older Cisco devices offer another entry point. The group has taken advantage of known vulnerabilities and exploited Cisco Smart Install, a feature often left enabled long after installation. This does not require elaborate hacking techniques when outdated protocols and weak configurations are already vulnerable.

      What attackers gain from a router

      Router configuration files can store credentials and illustrate the layout of a network. Once duplicated, that information enables hackers to pinpoint other systems and determine where to focus their attacks.

      Misha / Unsplash

      The operation is centered on acquiring access rather than causing immediate disruption. This subtler strategy may keep a breach concealed while providing the Russian government with intelligence that could be valuable as its strategic needs evolve. The router serves as just the initial target, with the true assets hidden beyond it.

      How organizations can close the door

      The agencies advise replacing old routers, updating firmware, and disabling Cisco Smart Install. Network defenders should also transition from outdated SNMPv1 and SNMPv2 protocols to SNMPv3, which offers enhanced authentication and encryption.

      Organizations are encouraged to adopt strong, unique passwords and limit management protocols to trusted devices. They should also monitor for suspicious requests and unusual local-account logins.

      These are fundamental security practices, but neglecting them means state-sponsored hackers may not need to deploy their most sophisticated tools. Organizations should promptly audit their internet-exposed networking devices, particularly any router that is no longer receiving security updates.

Russian hackers continue to infiltrate vital networks via overlooked routers. Russian hackers continue to infiltrate vital networks via overlooked routers. Russian hackers continue to infiltrate vital networks via overlooked routers. Russian hackers continue to infiltrate vital networks via overlooked routers. Russian hackers continue to infiltrate vital networks via overlooked routers. Russian hackers continue to infiltrate vital networks via overlooked routers.

Other articles

ASML intends to increase the production speed of its EUV machines by 30% due to the demand for AI exceeding its manufacturing capabilities. ASML intends to increase the production speed of its EUV machines by 30% due to the demand for AI exceeding its manufacturing capabilities. ASML is decreasing the EUV cycle time from 22 weeks to 15-16 weeks. It is almost fully reserved for 2027, with significant orders for 2028 already secured. Guidance has been improved. Velocity secures $38 million in Series A funding for stablecoin transactions. Velocity secures $38 million in Series A funding for stablecoin transactions. London-based fintech Velocity has secured $38 million in a Series A funding round, with Dragonfly and FirstMark as the leading investors, to provide enterprises with stablecoin treasury and settlement solutions. DeepSeek's IPO is approaching as it aims for a valuation of $71 billion. DeepSeek's IPO is approaching as it aims for a valuation of $71 billion. A DeepSeek IPO could be possible as early as this year. The Chinese AI lab is seeking a new funding round at a valuation of $71 billion, an increase from $50 billion just six weeks prior. GameNative has just simplified the process of loading PC game mods onto your Android phone to an alarming degree. GameNative has just simplified the process of loading PC game mods onto your Android phone to an alarming degree. GameNative’s newest pre-release offers direct downloads and management of Nexus Mods on Android, simplifying PC game modding but urging early users to acknowledge the risks associated with unpolished software. You no longer require Willow’s Pro plan to have unlimited AI dictation on your iPhone. You no longer require Willow’s Pro plan to have unlimited AI dictation on your iPhone. Willow has announced that its iOS keyboard no longer limits free AI dictation, meaning you no longer require the Pro plan for unlimited voice typing. Children in China are now prohibited from developing romantic feelings for chatbots. Children in China are now prohibited from developing romantic feelings for chatbots. China has prohibited emotional AI relationships that involve minors as regulators aim to reduce dependency on chatbots and tackle the nation's historically low birth rate.

Russian hackers continue to infiltrate vital networks via overlooked routers.

State-sponsored Russian hackers are taking advantage of unmaintained routers to infiltrate vital infrastructure networks, leading agencies around the globe to advise organizations to upgrade old equipment and enhance fundamental network security measures.