Global coalition warns Russian hackers exploiting poorly secured routers to infiltrate critical networks
By
Mr Bagel
Cybersecurity agencies from multiple countries have jointly warned that Russian state-backed hackers are actively exploiting vulnerable and poorly configured routers to infiltrate critical infrastructure networks worldwide. The advisory, released by authorities including the U.S. National Security Agency (NSA) and the U.K.'s National Cyber Security Centre (NCSC), urges organizations to strengthen their router defences.
"Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials"
Infosecurity Magazine reported that the coalition includes 12 countries, highlighting the international scope of the threat. The hackers are said to be exploiting default or weak Simple Network Management Protocol (SNMP) credentials to gain initial access to networks.
"Russian state hackers are targeting vulnerable and poorly configured routers to infiltrate critical infrastructure networks"
According to BleepingComputer, the joint warning underscores how Russian cyber actors are systematically scanning for and compromising routers with lax security settings, then using that access to move laterally within targeted networks. The advisory specifically calls out risks to energy, water, and transportation sectors.
The NCSC emphasized that many compromised routers remain undetected because organizations fail to change default passwords or apply firmware updates. "New advisory highlights Russian state cyber actors' global exploitation of poorly configured routers," the UK agency stated, according to its own announcement, urging critical sector operators to adopt basic router hygiene such as disabling unused ports and enforcing strong authentication.
The NSA, in collaboration with international partners, released guidance titled "Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting," as reported by GlobalSecurity. Experts recommend that network administrators audit router configurations, segment critical assets, and monitor for signs of exploitation to mitigate the ongoing campaign.
The reporting
12 outlets covered this story. Each links to the original.


Baker's Take
Comments
Sign in to join the conversation.
No comments yet. Be the first.