The United States and its security allies warn that Russian attacks on critical infrastructure are intensifying against “vulnerable and misconfigured network devices around the world.”



  • NSA, FBI, CISA and 15 allied agencies warn that Russia’s FSB Center 16 is exploiting weak or default credentials and old Cisco flaws to compromise critical infrastructure devices
  • The advisory highlights CVE-2018-0171 (Smart Install DoS/RCE) and CVE-2008-412813 (CSRF in Cisco IOS 12.4) as examples of vulnerabilities that are still being abused
  • TTPs overlap with Chinese groups, but attribution points to Russian actors like Berserk Bear and Energetic Bear; The full IoCs and mitigations were published in the joint advisory.

Russian state-sponsored threat actors continually attack broken and misconfigured network devices belonging to critical infrastructure providers around the world, warns a joint security advisory published by the US National Security Agency (NSA) and more than a dozen other agencies.

According to the notice, hackers working for Center 16 of Russia’s Federal Security Service (FSB) are constantly searching for routers and other Internet-connected devices that can be accessed with “common or default” login credentials.

Leave a Comment

Your email address will not be published. Required fields are marked *