Russian FSB Exploits Vulnerable Routers to Target Critical Infrastructure

Russian FSB Exploits Vulnerable Routers to Target Critical Infrastructure

First seen 13 Jul 2026, 13:28 UTC BleepingcomputerFeeds.4SysopsInfosecurity-MagazineComputingYle.Fi+11 86% similarity 78.0

Article Content

Browse articles
ThreatCluster

A joint advisory from 21 global cybersecurity agencies warns that Russian state hackers from the FSB's Center 16 are exploiting poorly configured routers to infiltrate critical infrastructure networks worldwide. The advisory highlights the use of default or weak Simple Network Management Protocol (SNMP) passwords to access sensitive systems in sectors such as defense, energy, healthcare, and finance. Recent attacks have been attributed to the FSB's Center 16, which has been linked to a failed cyberattack on Poland's energy grid in December 2025 that could have left 500,000 citizens without power. The advisory also emphasizes the exploitation of vulnerabilities in Cisco devices, particularly CVE-2018-0171 and CVE-2008-4128. Organizations are urged to enhance their router security by implementing stronger authentication methods and disabling legacy protocols. The UK and EU have imposed sanctions on 24 individuals and entities connected to these cyber operations. This ongoing threat underscores the need for improved cybersecurity hygiene across critical sectors.

Key Points: • Russian FSB's Center 16 is targeting critical infrastructure by exploiting weak router security. • Key vulnerabilities include CVE-2018-0171 and CVE-2008-4128, affecting Cisco devices. • The UK and EU have sanctioned 24 individuals linked to Russian cyber operations.

ThreatCluster AI

Timeline

2021-11-03
CVE-2018-0171 added to CISA KEV
CVE-2018-0171 was added to the CISA Known Exploited Vulnerabilities catalog due to active exploitation.
NVD
2025-12-01
Failed cyberattack on Poland's energy grid
The FSB's Center 16 attempted to compromise Poland's energy infrastructure, potentially affecting 500,000 citizens.
Infosecurity-Magazine
2026-07-13
Joint advisory issued by global cybersecurity agencies
A coalition of 21 agencies warns of Russian state hackers exploiting vulnerable routers and SNMP configurations.
Streamlinefeed.Co.Ke
2026-07-13
UK and EU impose sanctions
The UK and EU sanctioned 24 individuals and entities involved in orchestrating Russian cyberattacks.
Darkreading
2026-07-13
CVE-2008-4128 added to CISA KEV
CVE-2008-4128 was added to the CISA Known Exploited Vulnerabilities catalog, indicating active exploitation.
NVD

Community

Browse all →