US and security allies warn Russian attacks on critical infrastructure are increasing against ‘poorly configured and vulnerable network devices around the world’


  • NSA, FBI, CISA and 15 Allied Agencies Warn Russia’s FSB Center 16 Exploiting Weak/Standard Information and Legacy Cisco Flaws to Compromise Critical Infrastructure Devices
  • Advisory highlights CVE-2018-0171 (Smart Install DoS/RCE) and CVE-2008-412813 (CSRF in Cisco IOS 12.4) as examples of vulnerabilities that are still being exploited
  • TTPs overlap Chinese groups, but attribution points to Russian actors such as Berserk Bear and Energetic Bear; full IoCs and countermeasures were published in the joint advisory

Russian state-sponsored threat actors are constantly targeting compromised and misconfigured network devices belonging to critical infrastructure providers around the world, a joint security advisory issued by the US National Security Agency (NSA) and more than a dozen other agencies has warned.

According to the guidance, hackers working for the Russian Federal Security Service (FSB) Center 16 are constantly scanning for routers and other Internet-connected devices that can be accessed with “ordinary or standard” login credentials.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top