Securing Network Devices Against Russian APT Groups


US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups

Pierluigi Paganini
July 15, 2026

US and allies warn of Russian APT groups targeting routers and network devices to compromise critical infrastructure worldwide.

The US and allied governments warn that Russian state-sponsored APT groups are scanning and exploiting poorly secured network devices, especially routers, to access critical infrastructure. Groups linked to FSB Center 16, including Berserk Bear, Energetic Bear, Ghost Blizzard, Crouching Yeti, Dragonfly, and Static Tundra, have targeted organizations in communications, defense, energy, finance, government, and healthcare sectors.

“Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks.” reads the joint advisory.”

Russian FSB Center 16 actors mainly target poorly configured network devices, especially routers, by scanning the internet for exposed SNMP services with weak or default credentials.

They use spoofed requests to steal device configurations and move them to attacker-controlled servers through TFTP or FTP. The group also exploits known Cisco vulnerabilities and management interfaces. These techniques are not unique to Russia and overlap with other nation-state actors, so the recommended protections help defend against multiple threats.

“The Russian FSB Center 16 cyber actors primarily use scanning to identify poorly configured networking devices, primarily routers, for exploitation. The actors scan for Internet IP ranges with active Simple Network Management Protocol (SNMP) agents that accept common or default community strings for authentication” continues the joint advisory.

“While SNMP scanning is the primary method the actors use to discover and exploit poorly configured networking devices, they occasionally exploit common vulnerabilities and exposures (CVEs) in Cisco devices, Cisco’s Smart Install (SMI) functionality, and web portals to manage network devices.”

Russia-linked threat actors have also exploited known vulnerabilities, including CVE-2018-0171 and CVE-2008-4128, to compromise network devices. Their techniques overlap with other threat groups, such as Salt Typhoon.

Network defenders should strengthen router security by disabling Cisco Smart Install, replacing SNMPv1/v2 with SNMPv3 using strong encryption, and enforcing unique passwords with secure storage.

Organizations should monitor SNMP activity, restrict management access through ACLs, block unnecessary ports such as TFTP, SMI and SNMP from external networks, and detect suspicious configuration changes. They should also keep firmware updated, replace unsupported devices, and use attack surface management tools to identify exposed systems and weak configurations.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)







Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


YouTube has an AI slop problem, and its crackdown is catching legitimate creators in the crossfire. Faceless channels, where no human host ever appears on screen, have existed for years and are not inherently AI-generated.

Many are run by solo creators who simply prefer to stay anonymous. The problem is that AI tools made it easy to flood the platform with low-effort faceless content at scale, and YouTube’s algorithm is now penalizing the format as a whole.

How bad is the AI slop problem on YouTube?

A Kapwing study found that roughly 21% of the first 500 videos recommended to a new YouTube account were classified as AI slop, while 33% fell into a broader brainrot category. The problem extends to children, too, as more than 40% of YouTube Shorts recommended to kids in a 15-minute session contained low-quality AI content.

YouTube’s response has been to tweak its algorithm to favor videos with real human faces on camera, which is hitting faceless creators even when their content is entirely human-made.

How is YouTube tackling its AI slop problem?

YouTube is now testing a new pop-up on mobile that asks viewers to rate whether a video feels like AI slop, on a scale from “not at all” to “extremely.” The idea sounds reasonable, but crowdsourcing AI detection has real problems. People are bad at spotting AI content, and they are getting worse at it as AI capabilities continue to improve.

There are also legitimate concerns that YouTube could use this viewer feedback as training data for its own AI models, potentially making future AI-generated content even harder to spot.

🚨 Did you just see what YouTube did?

YouTube isn’t banning AI slop.. They’re making you label it so they can train their next model to not look like slop.

Read that again…

You flag the bad AI content. YouTube collects it. Google feeds it into Veo 4… Then next year their… https://t.co/8UC2J3mjjv pic.twitter.com/mIrTChqC1b

— Tuki (@TukiFromKL) March 17, 2026

Meanwhile, faceless creators are scrambling to adapt. According to The Hollywood Reporter, some are hiring cheap on-camera hosts through platforms like Fiverr and Upwork. Others are doubling down on niche educational content, which has held up better than broad content farms.

The AI text-to-video space is still valued at enormous sums, with Higgsfield AI alone sitting at $1 billion, but on YouTube, the math for faceless creators is getting harder to work out every month.



Source link