Russian State Hackers Target Vulnerable Routers Worldwide

Russian State Hackers Target Vulnerable Routers Worldwide

First seen 13 Jul 2026, 13:28 UTC BleepingcomputerFeeds.4SysopsInfosecurity-MagazineYle.Fi 77% similarity 80.8

Article Content

Browse articles
ThreatCluster

Cybersecurity agencies from 12 countries have issued a joint advisory warning that Russian state hackers from the FSB's Centre 16 are actively targeting vulnerable routers globally. These hackers exploit weak Simple Network Management Protocol (SNMP) passwords and community strings to infiltrate critical infrastructure sectors, including energy, healthcare, and financial services. The advisory highlights the exploitation of CVE-2018-0171, a vulnerability in Cisco devices, which has been under active exploitation since November 2021. The attacks involve scanning for poorly configured routers, issuing commands to copy configurations, and exfiltrating them via Trivial File Transfer Protocol (TFTP) to actor-controlled servers. The UK government has attributed recent cyber-attacks on Poland's energy infrastructure to these actors, emphasizing the potential for widespread disruption. Agencies have urged organizations to upgrade to SNMPv3 and implement stronger security measures to mitigate risks. The advisory follows a series of coordinated cyber operations attributed to Russian state-backed groups targeting critical infrastructure.

Key Points: • Russian state hackers are targeting vulnerable routers globally, focusing on critical infrastructure. • Exploitation of CVE-2018-0171 in Cisco devices has been confirmed, with attacks ongoing since 2021. • Agencies recommend immediate action, including upgrading to SNMPv3 and enhancing router security.

ThreatCluster AI

Timeline

2021-11-03
CVE-2018-0171 added to CISA KEV
CVE-2018-0171, a vulnerability in Cisco devices, was recognized for active exploitation by CISA.
Infosecurity-Magazine
2025-08-01
FBI warns of attacks using CVE-2018-0171
The FBI reported that Russian hackers have been exploiting CVE-2018-0171 in Cisco devices since November 2021.
Bleepingcomputer
2025-12-01
Poland's energy infrastructure targeted
Coordinated cyber-attacks on Poland's energy infrastructure were attributed to FSB Centre 16, highlighting the threat to critical services.
Infosecurity-Magazine
2026-07-13
Joint advisory issued by 12 countries
A joint advisory was released warning of ongoing Russian cyber operations targeting vulnerable routers worldwide.
Bleepingcomputer

Community

Browse all →