Russian hackers exploiting vulnerable internet routers, NSA warns
Key Points:
- The NSA, FBI, CISA, and allied cybersecurity agencies have issued a joint advisory warning that Russian government-backed hackers, linked to the FSB, are targeting internet routers used by businesses and critical infrastructure sectors.
- These hackers exploit vulnerable or poorly configured networking devices to quietly copy configuration files containing sensitive information like administrator credentials and network layouts, enabling deeper network access.
- Affected sectors include financial services, energy, communications, healthcare, government, and defense industrial base, which are vital to the U.S. economy and critical infrastructure.
- The advisory emphasizes that many attacks can be prevented by basic cybersecurity practices such as updating router software, replacing default passwords, disabling unnecessary remote management, and using stronger authentication methods.
- The campaign has persisted for over a decade and is tracked under various names like "Dragonfly" and "Energetic Bear," with the warning highlighting the ongoing global threat posed by these sophisticated hacking groups.