Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical UEFI Shim Flaw Lets Attackers Bypass Secure Boot
July 14, 2026
xAI Grok CLI Exposed Git Repos and .env Secrets on Cloud Storage
July 14, 2026
Salesforce Fixes Critical OAuth Flaw Allowing Persistent Data Access
July 14, 2026
Home/CyberSecurity News/UK and Allies Warn of Russian Hackers Exploiting Routers Worldwide
CyberSecurity News

UK and Allies Warn of Russian Hackers Exploiting Routers Worldwide

Key Takeaways An international coalition, led by the UK, has issued a joint warning regarding widespread targeting of network routers by Russian state-sponsored hackers. Center 16, a unit of...

Emy Elsamnoudy
Emy Elsamnoudy
July 14, 2026 4 Min Read
3 0

Key Takeaways

  • An international coalition, led by the UK, has issued a joint warning regarding widespread targeting of network routers by Russian state-sponsored hackers.
  • Center 16, a unit of Russia’s FSB, is actively exploiting weak configurations and known vulnerabilities in routers globally.
  • The threat primarily leverages insecure Simple Network Management Protocol (SNMP) implementations and other known flaws to gain control of devices.
  • Critical national infrastructure across various sectors is the primary target, with potential for espionage, data theft, and network disruption.
  • Organizations are strongly advised to update security protocols, especially for SNMP, and implement robust access controls.

Global Alert: Russian Hackers Exploit Router Weaknesses

An urgent international advisory has been released, spearheaded by the United Kingdom and its cybersecurity allies, concerning Russian state-backed hacking groups actively compromising inadequately secured routers and network devices worldwide.

Table Of Content

  • Key Takeaways
  • Global Alert: Russian Hackers Exploit Router Weaknesses
  • FSB Unit Targets Critical Infrastructure
  • What You Should Do

The warning specifically identifies Center 16, a cyber division affiliated with Russia’s Federal Security Service (FSB), as the primary perpetrator. This unit has been observed conducting extensive scans across the internet to pinpoint and exploit vulnerable network infrastructure.

The National Cyber Security Centre (NCSC), an arm of GCHQ, spearheaded the publication of this critical advisory. Partnering agencies included those from the United States, Australia, Canada, Poland, France, Finland, Sweden, and New Zealand, underscoring the global nature of this threat.

These agencies collectively cautioned that Center 16 is systematically capitalizing on misconfigurations, outdated communication protocols, and previously identified security flaws within network hardware.

Center 16 is known by several other monikers within the cybersecurity community, including Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra.

FSB Unit Targets Critical Infrastructure

Historically, this threat actor has focused its malicious activities on critical national infrastructure and entities within vital sectors such as communications, defense, energy, financial services, healthcare, and governmental organizations.

According to the joint advisory, the group specifically seeks routers exposed to the public internet that utilize default, weak, or recycled credentials for the Simple Network Management Protocol (SNMP).

SNMP is a widely used protocol for monitoring and managing network devices. However, older versions, when not properly secured, can inadvertently expose sensitive information, including community strings, which can be exploited by attackers.

Russian operatives have predominantly relied on SNMP scanning to discover accessible routers and subsequently gain unauthorized control over vulnerable devices.

Beyond SNMP exploitation, Center 16 has also been observed leveraging known Cisco vulnerabilities, specifically weaknesses associated with Cisco Smart Install, and various flaws present in web-based management portals.

Once a router is compromised, attackers can exploit it for a variety of nefarious purposes, including monitoring network traffic, redirecting communications, stealing login credentials, establishing persistent access, or penetrating deeper into a target’s internal network.

The NCSC urged organizations to immediately enhance router security practices and minimize their unnecessary exposure to the internet.

The advisory strongly recommends upgrading from legacy SNMP versions to SNMPv3, which offers significantly improved authentication and encryption capabilities.

Furthermore, organizations should disable SNMP where it is not essential, implement unique and robust passwords for every network device, and restrict administrative protocol access through network segmentation, access control lists (ACLs), and dedicated, trusted management networks.

Jonathon Ellison, NCSC Director of National Resilience, emphasized that Russian cyber actors relentlessly pursue and exploit any discovered vulnerabilities. He urged organizations, particularly those managing critical UK networks, to swiftly adopt the recommended mitigations to reduce their risk of compromise.

This warning coincides with recent sanctions imposed by the UK on individuals and entities implicated in destructive Russian cyber and hybrid operations, including criminal proxy networks linked to Russian intelligence agencies.

Both the UK and EU member states have also formally attributed the December cyberattack against Poland’s energy grid to the FSB’s Center 16. Authorities stated that this incident, had it been successful, possessed the potential to disrupt electricity supplies for civilian populations.

Organizations are further encouraged to pursue Cyber Essentials certification and utilize the updated Cyber Assessment Framework to evaluate their cybersecurity maturity, pinpoint weaknesses, and bolster their resilience against state-sponsored threats.

What You Should Do

  • Upgrade SNMP: Migrate from older SNMP versions (v1, v2c) to SNMPv3, which provides robust authentication and encryption.
  • Disable Unused SNMP: Turn off SNMP functionality entirely on devices where it is not strictly necessary.
  • Strengthen Credentials: Implement unique, complex passwords or passphrases for all network devices and administrative interfaces. Avoid default or weak credentials.
  • Restrict Administrative Access: Use network segmentation, firewalls, and Access Control Lists (ACLs) to limit access to management interfaces (like SNMP, SSH, web portals) to only trusted administrative networks and specific IP addresses.
  • Regularly Patch and Update: Ensure all router firmware and network device software are kept up-to-date with the latest security patches from vendors.
  • Review Configurations: Periodically audit router and network device configurations to identify and remediate any misconfigurations or default settings that could be exploited.
  • Implement Multi-Factor Authentication (MFA): Where available, enable MFA for administrative access to network devices.
  • Monitor Network Traffic: Implement robust network monitoring to detect unusual activity or unauthorized access attempts to your routers and critical network infrastructure.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCybersecurityExploitHackerSecurityThreat

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

SAP Patches Critical NetWeaver Memory Corruption Flaw CVE-2026-XXXXX

Next Post

CISA Warns of Active Exploitation of Critical Cisco IOS XE Bug CVE-2023-20198

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Qilin Ransomware Abuses Active Directory Replication with DCSync Attacks
July 14, 2026
CISA Warns of Active Exploitation of Critical Cisco IOS XE Bug CVE-2023-20198
July 14, 2026
UK and Allies Warn of Russian Hackers Exploiting Routers Worldwide
July 14, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us