© 2026 CoolTechZone - Latest tech news,
product reviews, and analyses.

Russian intelligence is targeting critical infrastructure, cybersecurity agencies warn


Western cybersecurity agencies have issued a joint statement warning of Russian hackers exploiting vulnerable, poorly configured network devices to infiltrate critical infrastructure.

According to a public service announcement of the FBI’s Internet Crime Complaint Center (IC3), the Russian Federal Security Service’s (FSB) Center 16 group is actively trying to compromise multiple critical infrastructure sector networks, including the communications sector, defense, energy suppliers, financial service providers, government agencies, and healthcare institutions.

The Russian threat actor Center 16, also known as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra, is scanning the internet to identify poorly configured networking devices – primarily routers – for exploitation.

Once they’ve found them, the attackers copy device configuration files and exfiltrate them via the Trivial File Transfer Protocol (TFTP) to actor-controlled or leased virtual private servers.

“While SNMP [Simple Network Management Protocol] scanning is the primary method the actors use to discover and exploit poorly configured networking devices, they occasionally exploit common vulnerabilities and exposures (CVEs) in Cisco devices, Cisco’s Smart Install (SMI) functionality, and web portals to manage network devices,” the public service announcement reads.

SNMP enables network administrators to remotely monitor and configure network equipment. TFTP is a way to send files to other users over a network without a username or password.

Cybersecurity agencies from Australia, Canada, the Czech Republic, Denmark, Estonia, Finland, France, Italy, New Zealand, Poland, Sweden, the United Kingdom, and the United States are urging network defenders to spring into action.

They’ve recommended upgrading to SNMP v3, disabling Cisco Smart Install, enforcing strong unique passwords, using Access Control Lists (ACLs) to only allow approved management protocols, blocking TFTP and SNMP traffic at edge firewalls, updating software and firmware, and replacing end-of-life devices.

“Today’s joint advisory provides decisive, actionable directions from the global security community that network defenders should implement to protect against Russian Intelligence operations and secure the UK’s critical infrastructure. I’d strongly encourage all organizations, especially those entrusted with UK critical networks, to adopt these recommended measures immediately, thereby reducing the risk of compromise,” Jonathon Ellison, Director of National Resilience at the UK’s National Cyber Security Centre (NCSC), says in a statement.