Home / Technology Today / Cybersecurity / Russian Hackers Target Vuln...

visionaries Network Team

15 July, 2026

cybersecurity

The UK and its allies warn that Russian hackers are targeting vulnerable routers worldwide. Learn how organizations can strengthen their network security

The United Kingdom and several international cybersecurity agencies have issued a joint advisory warning organizations about an ongoing campaign by Russian hackers targeting vulnerable routers and network devices across the globe. The alert highlights the increasing risks facing businesses, government agencies, and critical infrastructure operators as state-sponsored cyber threats continue to evolve.

The advisory was published by the UK's National Cyber Security Centre (NCSC), part of GCHQ, alongside cybersecurity agencies from the United States, Australia, Canada, France, Finland, Poland, Sweden, and New Zealand. According to the agencies, the activity has been linked to Center 16, a cyber unit associated with Russia's Federal Security Service (FSB).

According to the National Cyber Security Centre (NCSC), the advisory was issued jointly with cybersecurity agencies from the United States, Australia, Canada, France, Finland, Poland, Sweden, and New Zealand to help organizations strengthen their defenses against Russian cyber activity targeting network edge devices.

The agency has also published detailed mitigation guidance, including recommendations for securing routers, upgrading to SNMPv3, and restricting administrative access. Read the full advisory on the NCSC website: https://www.ncsc.gov.uk/news/uk-and-allies-urge-critical-sectors-to-improve-defences-against-russian-intelligence-targeting

Cyber Group Exploiting Weak Network Devices

Security officials said Russian hackers are actively scanning the internet for routers configured with weak passwords, outdated software, and older versions of the Simple Network Management Protocol (SNMP). Devices with default credentials or poorly secured management interfaces are particularly vulnerable to compromise.

The threat group, also known by aliases including Berserk Bear, Dragonfly, Ghost Blizzard, Energetic Bear, Crouching Yeti, and Static Tundra, has a long history of targeting critical sectors such as energy, healthcare, finance, communications, defense, and government.

How the Attacks Are Carried Out

According to the advisory, attackers primarily exploit insecure SNMP configurations to identify accessible routers connected to the internet. They have also taken advantage of known Cisco vulnerabilities, weaknesses in Cisco Smart Install, and exposed web-based management portals.

Once a router is compromised, attackers may monitor network traffic, redirect communications, steal credentials, establish persistent access, or move deeper into an organization's network. These techniques can expose sensitive data and disrupt essential business operations.

NCSC Recommends Immediate Security Measures

The NCSC is urging organizations to strengthen their router security without delay. Recommended actions include upgrading to SNMPv3, which offers stronger authentication and encryption, disabling SNMP where it is not required, replacing default passwords with unique credentials, and restricting administrative access through trusted management networks and access control lists.

Organizations are also encouraged to adopt the UK's Cyber Essentials certification and regularly assess their cybersecurity posture using the updated Cyber Assessment Framework.

International Cooperation Against Cyber Threats

The warning comes as the UK announced sanctions against individuals and organizations linked to Russian cyber and hybrid operations. Authorities have also attributed the December cyberattack targeting Poland's energy grid to FSB Center 16, stating that the incident had the potential to disrupt electricity supplies had it been successful.

Cybersecurity experts continue to emphasize that keeping network devices updated, removing unnecessary internet exposure, and following security best practices remain among the most effective ways to defend against sophisticated state-sponsored attacks.

FAQs

1. Who issued the latest warning about Russian hackers?

The advisory was jointly issued by the UK's National Cyber Security Centre (NCSC) and cybersecurity agencies from the United States, Australia, Canada, France, Finland, Poland, Sweden, and New Zealand.

2. Who is behind these attacks?

The activity has been attributed to Center 16, a cyber unit linked to Russia's Federal Security Service (FSB), also known as Berserk Bear, Dragonfly, Ghost Blizzard, and several other aliases.

3. What devices are being targeted?

The attackers are primarily targeting internet-connected routers and network devices with weak passwords, outdated software, or insecure SNMP configurations.

4. How can organizations protect themselves?

Organizations should upgrade to SNMPv3, install firmware updates, use strong unique passwords, disable unnecessary services, and restrict administrative access.

5. Why are routers a common target for Russian hackers?

Routers serve as the gateway between an organization's internal network and the internet, making them a valuable target for cybercriminals. If a router is compromised, attackers can monitor network traffic, steal sensitive credentials, redirect communications, and gain deeper access to connected systems.

Securing routers with updated firmware, strong passwords, and modern security protocols such as SNMPv3 significantly reduces the risk of unauthorized access.