THREAT OPS › Threat News › Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting
Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting
<p>Russian Government-Sponsored Activity Targets Poorly Configured and Vulnerable Devices Across Critical Sectors</p> <h2><strong>Executive summary</strong></h2> <p>Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks. This join
Attributed threat actors
- DragonflyG0035
- Salt TyphoonG1045
MITRE ATT&CK techniques
- Acquire InfrastructureT1583
- OS Credential DumpingT1003
- Data from Configuration RepositoryT1602
- IP AddressesT1590.005
- Network DevicesT1584.008
- VulnerabilitiesT1588.006
- Application Layer ProtocolT1071
- Virtual Private ServerT1584.003
- Exploit Public-Facing ApplicationT1190
- Network Device Configuration DumpT1602.002
- Vulnerability ScanningT1595.002
- Active ScanningT1595
- ProxyT1090
- Virtual Private ServerT1583.003
- Compromise InfrastructureT1584
- Exfiltration Over Alternative ProtocolT1048
- Exploitation for Privilege EscalationT1068
- Obfuscated Files or InformationT1027
- Multi-Factor AuthenticationT1556.006
- CredentialsT1589.001
- Obtain CapabilitiesT1588
- System ServicesT1569
- Scanning IP BlocksT1595.001
- SNMP (MIB Dump)T1602.001
- ExploitsT1588.005
- Local AccountsT1078.003
- Active ScanningAML.T0006
- Acquire InfrastructureAML.T0008
- Obtain CapabilitiesAML.T0016
- Exploit Public-Facing ApplicationAML.T0049
- OS Credential DumpingAML.T0090
Indicators of compromise
- CVE-2018-0171cve
- CVE-2008-4128cve
- https://www.ic3.gov/PSA/2025/PSA250820url
- https://media.defense.gov/2026/Jul/09/2003959498/-1/-1/0/CSA_IMPROVE_ROUTER_HYGIENE.PDFurl
- https://www.cve.org/CVERecord?id=CVE-2018-0171url
- https://www.cve.org/CVERecord?id=CVE-2008-4128url
- https://media.defense.gov/2025/Aug/22/2003786665/-1/-1/0/CSA_COUNTERING_CHINA_STATE_ACTORS_COMPROMISE_OF_NETWORKS.PDFurl
- https://www.nsa.gov/About/Cybersecurity-Collaboration-Center/DIB-Cybersecurity-Services/url
- https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDFurl
- https://www.cyber.gc.ca/en/guidance/routers-cyber-security-best-practices-itsap80019url
- https://www.cyber.gc.ca/en/guidance/security-considerations-edge-devices-itsm80101url
- https://www.cyber.gc.ca/en/guidance/guidance-securely-configuring-network-protocols-itsp40062url
- https://www.cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-version-20-itsp80022url
- https://www.cyber.gc.ca/en/guidance/top-10-it-security-actions-protect-internet-connected-networks-and-information-itsm10089url
- https://media.defense.gov/2019/Jul/16/2002157833/-1/-1/0/CSA-CISCO-SMART-INSTALL-PROTOCOL-MISUSE.PDFurl
- https://media.defense.gov/2022/Feb/17/2002940795/-1/-1/0/CSI_CISCO_PASSWORD_TYPES_BEST_PRACTICES_20220217.PDFurl
- https://media.defense.gov/2026/Jul/09/2003959459/-1/-1/0/CSI_REDUCING_RISK_OF_SNMP_ABUSE.PDFurl
- https://www.fbi.gov/contact-us/field-officesurl
- https://dibnet.dod.mil/url
- https://dibnet.dod.milurl
- https://www.cyber.gov.au/about-us/about-asd-acsc/contact-us#no-backurl
- https://www.cyber.gc.ca/en/incident-managementurl
- https://ncsc.gov.uk/report-an-incidenturl
- https://supo.fi/en/contacturl
- https://www.sicurezzanazionale.gov.it/url
- cybersecurityreports@nsa.govemail
- dib_defense@cyber.nsa.govemail
- mediarelations@nsa.govemail
- dc3.dcise@us.af.milemail
- dc3.information@us.af.milemail
- contact@cyber.gc.caemail
- info@ncsc.govt.nzemail
- info@valisluureamet.eeemail
- cert-fr@ssi.gouv.fremail
- 1.3.6.1ipv4
- 4.1.9.9ipv4
- 96.1.1.1ipv4
Original source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-194a