Back to Feed
Nation-stateJul 13, 2026

Officials once again warn defenders that Russian hackers are targeting network devices

Russian hackers exploit network device vulnerabilities to target critical infrastructure globally.

Summary

Russian state-sponsored hackers, also known as Berserk Bear and others, are actively targeting critical infrastructure worldwide by exploiting misconfigured and vulnerable network devices. Authorities from the US and 12 other countries issued a joint advisory warning about these ongoing attacks, which leverage old vulnerabilities in Cisco devices and weak default passwords. The advisory urges defenders to implement stronger security measures and disable vulnerable features.

Full text

Russian state-sponsored hackers are breaking into critical infrastructure around the world by exploiting poorly configured and vulnerable networking devices, authorities from the United States and 12 additional countries said in a joint cybersecurity advisory Monday. Officials once again urged defenders to take more preventative measures to thwart attacks from the Russian Federal Security Service Center 16, which has been actively targeting critical infrastructure for more than a decade. The hackers are also tracked as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard and Static Tundra. “This is an ongoing issue that has impacted various U.S. and foreign networks across multiple sectors, including the defense industrial base, communications, energy, financial services, government facilities and health care sectors,” the National Security Agency said in a statement. The state-sponsored attackers scan the internet for vulnerable routers using default or weak passwords, and have also exploited vulnerabilities in Cisco devices, Cisco’s Smart Install feature and web portals to take over network devices. Two of the Cisco vulnerabilities exploited by the Russian FSB Center 16 hackers are quite old, including CVE-2008-4128 and CVE-2018-0171. Officials shared technical details of the threat group’s activities and advised network defenders to disable Cisco Smart Install on all devices, use stronger modes of authentication and passwords, monitor for unusual credentials and logins using local accounts. The joint advisory comes nearly a year after the FBI issued a similar alert about the same group targeting end-of-life networking devices running Cisco Smart Install. On Monday, the European Union blamed Russia’s FSB Center 16 for a December 2025 attack on Poland’s energy grid. The United Kingdom, also on Monday, sanctioned 24 individuals and entities allegedly involved in various attacks attributed to Russian intelligence services. “From directing criminals to targeting businesses, and striking Poland’s energy grid in the depths of winter, the Russian state is sinking to new lows in its attempts to undermine European security,” Yvette Cooper, foreign security of the United Kingdom, said in a statement. Other countries behind the joint cybersecurity advisory include: Canada, Australia, New Zealand, Czech Republic, Denmark, Estonia, Finland, France, Italy, Poland and Sweden. Share Facebook LinkedIn Twitter Copy Link

Indicators of Compromise

  • cve — CVE-2008-4128
  • cve — CVE-2018-0171

Entities

Berserk Bear (threat_actor)Energetic Bear (threat_actor)Crouching Yeti (threat_actor)Dragonfly (threat_actor)Ghost Blizzard (threat_actor)Static Tundra (threat_actor)