Security/ security · russia · routers · critical-infrastructure

Russia's FSB Is Using Your Router as Cover

A joint advisory from CISA and allies warns that Russian state hackers keep hijacking home and small office routers to mask attacks on critical infrastructure.

Russian state hackers are still mass-compromising home and office routers, and the US government wants you to know your device may already be involved.

The Cybersecurity and Infrastructure Security Agency, alongside partners in Australia, Denmark, New Zealand, and the UK, issued a joint advisory Monday warning that FSB Center 16 actors are exploiting poorly configured routers worldwide. The goal is to build proxy networks that obscure the origins of attacks on critical infrastructure targets in both the public and private sectors. The groups operate under a range of tracked names: Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra.

This is not a new problem — Russia and China have been fighting over compromised routers for years, sometimes literally wresting control of the same devices from each other. What makes the advisory notable is the breadth of the coalition issuing it and the candid admission that past countermeasures, including covert US government commands to disinfect routers and private-sector botnet takedowns by Google and others, have amounted to whack-a-mole.

The underlying issue is structural: consumer and small-office routers rarely receive timely firmware updates, ship with weak default credentials, and sit outside any managed security perimeter. Until that changes, expect more advisories and more botnets.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →