THE US and allied governments have issued warnings regarding Russian state-sponsored Advanced Persistent Threat (APT) groups targeting poorly secured network devices, particularly routers, to compromise critical infrastructure globally. These threats are linked to Russian FSB Center 16 and involve techniques like scanning for exposed SNMP services with weak credentials and exploiting known vulnerabilities in Cisco devices.
Recommendations for securing these devices include disabling Cisco's Smart Install, using SNMPv3, enforcing strong password policies, and monitoring network activity. Protection strategies are suggested to help organizations defend against these and other similar threats.