The United States and its security allies are warning that Russian attacks on critical infrastructure are escalating against “misconfigured and vulnerable network devices around the world.”


  • The NSA, FBI, CISA and 15 allied agencies warn that Russian FSB Center 16 is exploiting weak/default credentials and old Cisco vulnerabilities to compromise critical infrastructure devices.
  • The advisory highlights CVE‑2018‑0171 (Smart Install DoS/RCE) and CVE‑2008‑412813 (CSRF in Cisco IOS 12.4) as examples of vulnerabilities still being exploited.
  • TTP overlaps with Chinese groups, but attribution points to Russian players like Berserk Bear and Energetic Bear; the full IoC and mitigation measures have been published in the joint advisory report

Russian state-sponsored threat actors are continuously targeting faulty and misconfigured network devices belonging to critical infrastructure providers around the world, warns a joint security advisory issued by the U.S. National Security Agency (NSA) and more than a dozen other agencies.

According to the advisory, hackers working for Center 16 of the Russian Federal Security Service (FSB) are constantly searching for routers and other Internet-connected devices accessible with “common or default” login credentials.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top