# Global Advisory Highlights Russian Cyber Threats to Critical Routers

*Published July 15, 2026*
*Source: [https://www.securityweek.com/us-allies-warn-of-russian-cyberattacks-targeting-critical-infrastructure-routers/](https://www.securityweek.com/us-allies-warn-of-russian-cyberattacks-targeting-critical-infrastructure-routers/)*

## Executive Summary

Russian state-sponsored hackers are targeting critical infrastructure worldwide by exploiting poorly secured routers, posing risks of espionage and disruption. The US and allied countries have issued a joint advisory to alert and guide organizations in mitigating these threats.

## Article

Russian state-sponsored hacking groups are actively targeting networking devices to compromise critical infrastructure globally, as warned by the United States and its allies. This joint advisory involves nations such as Australia, Canada, the Czech Republic, Denmark, Estonia, Finland, Italy, New Zealand, Poland, Sweden, and the UK. The advisory outlines that Russian threat actors such as Berserk Bear, Energetic Bear, and others are scanning for poorly secured routers to exploit them. These activities are affecting sectors including communications, defense, energy, finance, government, and healthcare. 

The attackers utilize proxies to send Simple Network Management Protocol set-requests to various IP ranges, instructing targeted devices to copy and transfer configurations to remote servers. Additionally, known vulnerabilities in Cisco devices, including CVE-2008-4128 and CVE-2018-0171, are being exploited to execute arbitrary code. The advisory also notes that these tactics overlap with activities by other malicious cyber actors. 

To counter these threats, network defenders are advised to disable Cisco Smart Install, upgrade to SNMPv3 with modern encryption, and ensure unique passwords and secure credentials. Monitoring for unauthorized logins, restricting access to SNMP Object Identifiers, and keeping firmware updated are crucial measures. The NSA has released an advisory to help reduce the risk of SNMP abuse.
