-
The United States and 11 partner nations have warned that Russian government hackers continue to target routers and other internet-facing devices.
-
Officials said attackers exploit old software, weak passwords, and outdated network settings to gain long-term access to critical systems.
-
The joint advisory urges organizations to update devices, disable unused services, and strengthen router security to reduce cyber risks.

The United States and several allied countries have warned organizations to improve the security of their routers and other internet-facing devices. Officials say Russian government-backed hackers continue to target these systems to break into larger networks.
The warning came through a joint cybersecurity advisory released on July 9. It involved agencies from the United States, Australia, Canada, the Czech Republic, Denmark, Estonia, Finland, France, Italy, New Zealand, Poland, Sweden, and the United Kingdom.
Center 16 to Target Edge Devices Due to Poor Protections
According to the advisory, the cyber activity links to a Russian government threat actor connected to the Federal Security Service (FSB), also known as Center 16. Officials said the group focuses on edge devices because many organizations fail to protect them properly.
Routers and similar devices connect organizations to the internet. Many businesses rely on them every day. However, these systems often receive less attention than computers, making them attractive targets for cyber attackers.
The advisory says hackers often take advantage of simple security mistakes. These include outdated firmware, weak passwords, poor device settings, and old network management features that should no longer remain active.
Once attackers gain access, they can steal device settings, collect login details, monitor network traffic, and keep access to the network for future operations.
The warning mainly targets organizations that run critical infrastructure. These include the communications, defense, energy, financial services, government, and healthcare sectors. Officials said a compromised router could give attackers an easy path into larger operational systems.
Russian Hackers Continue to Target Weak Network Devices
The advisory explains that the attackers do not always depend on advanced hacking tools. Instead, they often succeed because many organizations fail to follow basic security practices.
According to the agencies, many organizations still leave older management protocols, including SNMPv1 and SNMPv2, enabled. International cooperation has also led to the shutdown of thousands of scam accounts in a global enforcement operation.
Others fail to install firmware updates or leave management panels exposed to the public internet. These weaknesses make it much easier for attackers to break into devices.
Officials also pointed to Cisco Smart Install (SMI) as another feature that deserves attention. They advised organizations to turn it off if they no longer need it because threat actors have abused it in previous attacks.
A compromised router can give hackers valuable information. It may reveal how a network is built, where important systems sit, and what credentials employees use. Attackers can then use that information to move deeper into the network.
Unlike employee computers, routers often receive little security monitoring. That means attackers can stay hidden for long periods without raising alarms.
The advisory says this approach has become more common in cyber espionage. Instead of attacking individual computers first, state-backed groups increasingly target network devices because they provide wider access and often remain unnoticed.
Security researchers have previously observed Russian intelligence-linked operations using routers, VPN appliances, and firewalls to support long-term intelligence gathering.
Agencies Share Simple Steps to Reduce the Risk
The participating cybersecurity agencies urged organizations to improve basic router security before attackers exploit these weaknesses.
According to the advisory, organizations should install the latest firmware updates on routers and other edge devices as soon as they become available. Updated software closes known security gaps that attackers often exploit.
Officials also recommend replacing default or weak administrator passwords with strong, unique credentials. Shared or easy-to-guess passwords make it much easier for attackers to gain access.
The advisory also encourages organizations to disable services and older network protocols that they no longer need. Every unnecessary feature creates another possible entry point for attackers.
The agencies further advised organizations to limit management access to trusted networks instead of exposing administrative interfaces directly to the internet. They also recommended reviewing router settings regularly to detect unauthorized changes.
Continuous monitoring also remains important. Officials encouraged organizations to watch network devices for unusual activity, maintain an accurate inventory of internet-facing assets, and replace unsupported hardware that no longer receives security updates.
The advisory was issued jointly by the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense Cyber Crime Center (DC3). Cybersecurity agencies from 11 allied nations also joined the effort.
Officials said the broad international partnership shows that governments remain concerned about Russian state-sponsored cyber activity targeting critical infrastructure around the world.
The agencies did not announce a newly discovered hacking campaign or identify specific victims in this advisory. Instead, they said the guidance aims to help organizations fix common weaknesses that attackers continue to exploit during real-world operations.
According to the advisory, improving router security, removing outdated settings, applying software updates, and following good cyber hygiene remain some of the best ways to stop attackers from gaining long-term access to critical systems.