The UK, joined by international cybersecurity partners, has issued an urgent warning about Russian state-backed hackers targeting poorly secured routers and network devices worldwide.
The alert focuses on Center 16, a cyber unit linked to Russia’s Federal Security Service, or FSB, which has been actively scanning the internet for vulnerable infrastructure.
The National Cyber Security Center, part of GCHQ, published the advisory with agencies across countries, including the United States, Australia, Canada, Poland, France, Finland, Sweden, and New Zealand.
The agencies warned that the group is opportunistically exploiting weak configurations, outdated protocols, and known flaws in network equipment.
Center 16 is also tracked under several names, including Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra.
UK, Allies Warn of Russian Cyberattacks
The threat actor has historically targeted critical national infrastructure and organizations in communications, defense, energy, financial services, healthcare, and government sectors.
According to the joint advisory, the group searches for routers exposed to the internet that use default, weak, or reused Simple Network Management Protocol credentials.
Administrators commonly use SNMP to monitor and manage network devices. However, older versions can expose community strings and other sensitive information if they are not properly secured.
Russian operators have primarily relied on SNMP scanning to identify accessible routers and obtain control over vulnerable devices.
However, Center 16 has also exploited known Cisco vulnerabilities, weaknesses associated with Cisco Smart Install, and flaws in web-based management portals.
Once attackers compromise a router, they may use it to monitor traffic, redirect communications, steal credentials, establish persistence, or move deeper into a target network.
The NCSC urged organizations to immediately improve router hygiene and reduce unnecessary exposure to the internet.
The advisory recommends replacing legacy SNMP versions with SNMPv3, which provides stronger authentication and encryption.
Organizations should also disable SNMP where it is not needed, use unique, complex passwords for every network device, and restrict access to administrative protocols via network segmentation, access control lists, and trusted management networks.
Jonathon Ellison, NCSC Director of National Resilience, said Russian cyber actors persistently seek to exploit any weakness they discover.
He encouraged organizations, particularly operators of UK critical networks, to adopt the recommended mitigations quickly to lower the risk of compromise.
The warning was released as the UK sanctioned individuals and entities linked to destructive Russian cyber and hybrid operations, including criminal proxy networks associated with Russian intelligence services.
The UK and EU member states also formally attributed the December cyberattack against Poland’s energy grid to FSB Center 16. Authorities said the incident could have disrupted electricity supplies for civilians if it had succeeded.
Organizations are further encouraged to obtain Cyber Essentials certification and use the updated Cyber Assessment Framework to evaluate cybersecurity maturity, identify weaknesses, and strengthen resilience against state-backed threats.
Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.
The post UK and Allies Warn of Russian Hackers Actively Hacking Organizations’ Routers Worldwide appeared first on Cyber Security News.



