Published Tuesday, July 14, 2026 at 01:38 AM PT

BLUF: NSA, CISA, FBI, and allied governments have issued urgent guidance on router hardening following confirmed exploitation activity by FSB Center 16 (Russian state intelligence) against U.S. and global critical infrastructure sectors. All critical infrastructure operators must immediately audit and secure router configurations, credentials, and firmware. This represents active, ongoing threat activity.
DETAILS:
- NSA, CISA, FBI, and international partners (including UK NCSC) have jointly attributed router compromise campaigns to FSB Center 16, Russia’s signals intelligence agency
- Threat actors are exploiting vulnerable routers to establish persistent network access and enable lateral movement into critical infrastructure networks
- Attack vector focuses on weak credentials, unpatched firmware, and default configurations on edge network devices
- Campaign targets multiple critical sectors including energy, logistics, and technology companies
- Related pro-Russia hacktivist activity has been observed conducting opportunistic attacks against U.S. and global critical infrastructure concurrently
IMPACT:
- Scope: U.S. critical infrastructure and allied nations’ networks
- Affected Sectors: Energy, transportation/logistics, technology, communications
- Risk Level: High β router compromise enables persistent access, DNS hijacking, data exfiltration, and supply chain attacks
- Uncertainty Note: Specific compromised router models/vendors not fully detailed in available guidance; CISA has separately flagged Fortinet devices requiring hardening
RECOMMENDED ACTIONS:
- Immediate: Inventory all edge routers; verify non-default credentials and disable unused administrative access
- Within 24 hours: Apply latest firmware patches; review router logs for unauthorized access attempts or configuration changes
- Within 72 hours: Implement network segmentation to limit router compromise impact; enable logging and monitoring on all edge devices
- Ongoing: Monitor CISA alerts and NSA/NCSC advisories for vendor-specific guidance
SOURCES: NSA, CISA, FBI, UK NCSC joint advisory; CISA Current Activity alerts; related GRU/APT28 reporting
