Russian hackers continue to target vulnerable routers worldwide

The US — together with agencies from Australia, the UK, Canada, New Zealand, Estonia, Sweden, Denmark, Poland, Finland, France, Czechia and Italy — has issued a joint warning that Russian state-sponsored hackers are actively targeting vulnerable routers to gain access to critical infrastructure networks worldwide. According to the Cybersecurity Advisory, the hackers are linked to Center 16 of Russia’s Federal Security Service (FSB), which has been exploiting poorly secured or outdated networking equipment for years to steal network configurations, credentials and other sensitive information that can be used to establish long-term access.
The attack pattern is fairly unsophisticated, with hackers focusing on routers with weak passwords, outdated firmware or insecure default settings, particularly in sectors such as communications, energy, defense, healthcare and finance. Rather than immediately disrupting operations, the hackers often use compromised devices to map internal networks, collect VPN credentials, and prepare for future espionage or cyberattacks. The advisory notes that even a single neglected edge device can provide a gateway into much larger and more sensitive systems.
To reduce the risk of compromise, cybersecurity agencies recommend updating router firmware, disabling unnecessary services, replacing default credentials with strong passwords, enabling multi-factor authentication where possible and regularly monitoring network devices for suspicious activity. Organizations are also advised to replace outdated equipment and follow cybersecurity best practices. In sum, strengthening basic router security is one of the most effective defenses against sophisticated nation-state cyber threats.










