The National Security Agency is warning that Russian government-backed hackers continue targeting internet routers used by businesses and critical infrastructure, urging organizations to shore up basic network security to reduce the risk of cyber intrusions.
In a joint cybersecurity advisory released Monday, the NSA, FBI, Cybersecurity and Infrastructure Security Agency (CISA) and nearly 20 allied cybersecurity agencies said cyber actors linked to Russia’s Federal Security Service, or FSB, have spent years exploiting vulnerable or poorly configured networking devices to gain access to sensitive networks.
The advisory said organizations in the financial services, energy, communications, healthcare, government and defense industrial base sectors have been affected. Officials said those industries play a critical role in the U.S. economy.
IBM SENDS ‘SHOCKWAVE’ THROUGH TECH INDUSTRY WITH AI WARNING
Rather than launching disruptive attacks immediately, the hackers often scan the internet looking for outdated or improperly secured routers, then quietly copy device configuration files that can contain administrator credentials, network layouts and other information useful for gaining deeper access into an organization’s systems, according to the advisory.
Officials said the campaign frequently relies on poor “router hygiene” – basic security practices such as keeping router software up to date, replacing default passwords with strong, unique credentials and disabling unnecessary remote management features.

HACKERS ARE GOING AFTER WHATEVER THEY CAN ATTACK TO MAKE NEWS, RUBRIK CEO SAYS
Officials said many of the attacks can be prevented by following a handful of basic cybersecurity practices, including updating router software and firmware to patch known vulnerabilities, using stronger authentication methods, restricting access to network management tools and replacing legacy security settings with more modern protections.
The advisory builds on an earlier FBI warning about Russian cyber activity targeting networking devices, saying the campaign has persisted for more than a decade and continues to threaten critical infrastructure worldwide. Officials said the same defensive measures can also help protect organizations against similar tactics used by other sophisticated hacking groups.

Cybersecurity researchers have tracked Russian activity under several names over the years, including “Dragonfly,” “Energetic Bear” and “Ghost Blizzard,” though different security firms use different naming conventions for the same threat actors.
CLICK HERE TO GET FOX BUSINESS ON THE GO
The warning was issued jointly by the NSA, FBI, CISA, the Department of Defense Cyber Crime Center and cybersecurity agencies from the United Kingdom, Canada, Australia, New Zealand and numerous European allies, underscoring what officials described as an ongoing threat to organizations that rely on internet-connected networking equipment.











