Skip to content
CISA Joins NSA, FBI, DC3 and International Partners Warning of Russian Cyber Threat Activity Targeting Communications, Energy, Government and Other Critical Infrastructure Sectors

CISA Joins NSA, FBI, DC3 and International Partners Warning of Russian Cyber Threat Activity Targeting Communications, Energy, Government and Other Critical Infrastructure Sectors

  • by

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with National Security Agency (NSA), Federal Bureau of Investigation (FBI), Defense Cyber Crime Center (DC3), and international partners, released a joint cybersecurity advisory, Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting. The advisory warns that Russian cyber threat actors are targeting vulnerable networking devices in critical infrastructure sectors globally, especially communications, defense industrial base, energy, financial services, government services and facilities, and healthcare and public health.

Led by NSA, the advisory highlights how threat actors primarily leverage poorly configured routers but are also known to exploit common vulnerabilities and exposures (CVEs) to gain unauthorized access, exfiltrate sensitive configurations, and facilitate malicious activity. To defend against these threats, the advisory outlines actionable mitigation steps, such as:

  • Restrict access to management interfaces and firewall devices
  • Adopt stronger authentication and data encryption protocols
  • Secure weak and vulnerable internet-facing systems  
  • Monitor for suspicious activity

“CISA continues to work with domestic and global partners to highlight the ongoing threat of nation-state actors targeting vulnerable network devices,” said Acting Executive Assistant Director for Cybersecurity Chris Butera. “The advisory provides a timely and urgent reminder of actions for critical infrastructure owners and operators to counter Russian state-sponsored activity. CISA urges network defenders to implement mitigation and remediation measures to reduce your attack surface and risk of exploitation.”  

“Russian state-sponsored cyber actors have spent years quietly extracting configuration data from poorly configured routers across critical infrastructure,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “This advisory gives network defenders the visibility to spot this activity and the mitigations to counter it. The FBI will work with our partners to continue to expose this tradecraft and hold these actors accountable.”

The advisory builds upon the FBI’s August 2025 public service announcement, Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure, which details malicious cyber activity attributed to the Russian Federal Security Service (FSB) Center 16.

Alongside the NSA, CISA, FBI, and DC3, additional co-sealing partners include:

  • Australian Signals Directorate’s Australian Cyber Security Centre
  • Communications Security Establishment Canada’s Canadian Centre for Cyber Security
  • New Zealand National Cyber Security Centre
  • United Kingdom National Cyber Security Centre
  • Czech Republic National Cyber and Information Security Agency
  • Danish Defence Intelligence Service
  • Estonian Foreign Intelligence Service
  • Estonian Information System Authority
  • Finnish Defence Intelligence 
  • Finnish Security and Intelligence Service
  • French National Cybersecurity Agency
  • Italian External Intelligence and Security Agency
  • Italian Internal Intelligence and Security Agency  
  • The Military Counterintelligence Service of Poland
  • Sweden National Cyber Security Centre

For more information, please visit Russia Threat Overview and Advisories.

###

About CISA

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to manage, uncover, and reduce risk to our digital and physical infrastructure Americans rely on every hour of every day. 

Visit CISA.gov for more information and follow us on XFacebookLinkedInInstagram



Source link