Published Monday, July 13, 2026 at 07:36 PM PT

BLUF: NSA, FBI, and CISA confirm Russian-linked threat actors are actively compromising critical infrastructure networks across North America and Europe by exploiting vulnerable and misconfigured routers. Immediate action required: deploy latest security patches on all edge network devices and audit router configurations for exposure.
DETAILS
- Confirmed threat actors: Russian state-sponsored groups conducting network intrusions against critical infrastructure targets in North America and Europe
- Attack vector: Exploitation of vulnerable and misconfigured routers; attackers gaining initial network access through unpatched devices
- Scope of activity: Multiple confirmed intrusions; specific sectors and number of compromised entities not yet disclosed by authorities
- Vulnerabilities in active exploitation: GreyNoise tracking indicates 9 of 12 vulnerabilities referenced in related government advisories are currently being actively probed in the wild
- Attribution basis: Joint warning from NSA, FBI, and CISA; corroborated by UK NCSC and allied intelligence services
IMPACT
Critical infrastructure operators across energy, logistics, technology, and other essential sectors are at elevated risk. Router compromise provides attackers persistent network access and potential lateral movement capability into operational technology environments. Scope extends across US, Canada, and European Union territories.
RECOMMENDED ACTIONS
- Immediate: Inventory all edge network devices (routers, firewalls, VPN appliances) and cross-reference against known vulnerable models
- Within 24 hours: Apply latest manufacturer security patches to all internet-facing network devices; prioritize devices with remote management capabilities enabled
- Within 48 hours: Audit router configurations for unnecessary services, default credentials, and exposed management interfaces
- Ongoing: Monitor for indicators of compromise; enable enhanced logging on network perimeter devices
- Escalate: Report any suspected intrusions to CISA (central@cisa.dhs.gov) or FBI field office
SOURCES
NSA, FBI, CISA joint advisory; CSO Online; BleepingComputer; CyberScoop; UK NCSC; GreyNoise Intelligence
