Tuesday, 14 July 2026
Rīga TV

World and Latvian news in one place

TechnologyPublished: 14 July 2026 at 04:37

US warns of Russian hackers targeting routers

The US government, alongside international partners, warns that Russian state hackers are mass-compromising home and small office routers to obscure attacks on sensitive organizations.

Foto: Ars Technica

The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Monday stating that Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks.

The hacking groups are tracked under various names, including Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra. The advisory was co-issued by governments from Australia, Denmark, New Zealand, and the UK.

The primary means of compromise involves hackers scanning IP ranges with active Simple Network Management Protocol (SNMP) agents that accept common or default authentication credentials. These scans are run by the very router botnets the actors are trying to enroll the targeted device in. By sending malicious traffic from spoofed addresses, the hackers can use the SNMP agent on poorly configured routers to run malware.

Both the Russian and Chinese governments have been compromising routers for years, sometimes in prolonged tugs-of-war to wrest control of devices the other has already commandeered. The US government has occasionally issued covert commands and taken other steps to disinfect routers. Google and other companies have also worked to disrupt the massive botnets that control compromised routers. However, these actions are little more than whack-a-mole exercises, as operators simply replace their botnets with new ones.

Comments

0/1500

Comments are automatically moderated. No hate, threats, personal data or spam.

Loading comments…

More in this category