[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-russias-fsb-is-raiding-routers-yours-might-be-next":10,"sections":34},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":24,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},4650,"russias-fsb-is-raiding-routers-yours-might-be-next","Russia's FSB Is Raiding Routers. Yours Might Be Next.","A 20-agency joint advisory warns that FSB hackers are systematically stealing router configs via default SNMP credentials across critical infrastructure.","Russian intelligence is still breaking into networks the easy way: through routers nobody bothered to lock down.\n\nThe FSB's Center 16 unit — tracked by industry under names like Berserk Bear, Ghost Blizzard, and Energetic Bear — has been scanning the internet for routers running outdated SNMP versions with default or common authentication strings. Once found, the actors send SNMP Set-Requests that instruct the device to copy its own configuration file and ship it over TFTP to an actor-controlled server. No malware required. The configuration file does the rest. Targets span energy, finance, healthcare, defense, and government networks, with state and local governments called out specifically. The advisory, co-signed by agencies from 19 countries including the NSA, CISA, FBI, and counterparts across Europe and Oceania, also notes occasional use of older Cisco CVEs — including one from 2008 — suggesting some of these networks have gone unpatched for nearly two decades.\n\nThe breadth of the coalition behind this advisory is the tell: when 19 national security agencies agree something is worth a joint publication, the threat is both real and widespread. The advisory also explicitly notes overlap with Salt Typhoon's playbook, meaning the same weak configurations that invited Chinese state actors into US telecom networks are now being worked by Russian ones.\n\nThe fixes are not exotic — upgrade to SNMPv3, kill Cisco Smart Install, use access control lists, block TFTP externally. That these remediations still need saying in 2026 is less a story about Russian sophistication and more one about how long basic network hygiene has been optional.","[\"security\",\"russia\",\"critical-infrastructure\",\"networking\"]","2026-07-13T12:00:00.000Z","2026-07-13T17:44:03.436Z","2026-07-13T17:44:06.216Z","published",null,[],"security",[24,26,27,28],"russia","critical-infrastructure","networking",[30],{"name":31,"url":32},"CISA Advisories","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fcybersecurity-advisories\u002Faa26-194a",0,{"sections":35},[36,41,45,50,55,60,65,70,75,80,85,89,94,99],{"name":37,"slug":38,"count":39,"latest_published_at":40},"AI","ai",2590,"2026-07-16T04:00:00.000Z",{"name":42,"slug":24,"count":43,"latest_published_at":44},"Security",294,"2026-07-15T19:59:48.000Z",{"name":46,"slug":47,"count":48,"latest_published_at":49},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":51,"slug":52,"count":53,"latest_published_at":54},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":56,"slug":57,"count":58,"latest_published_at":59},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":61,"slug":62,"count":63,"latest_published_at":64},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":66,"slug":67,"count":68,"latest_published_at":69},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":71,"slug":72,"count":73,"latest_published_at":74},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":76,"slug":77,"count":78,"latest_published_at":79},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":81,"slug":82,"count":83,"latest_published_at":84},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":86,"slug":87,"count":83,"latest_published_at":88},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":90,"slug":91,"count":92,"latest_published_at":93},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":95,"slug":96,"count":97,"latest_published_at":98},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":100,"slug":101,"count":102,"latest_published_at":103},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]