THE FSB Center 16, linked to Russian state actors, is exploiting vulnerable routers worldwide by using weak SNMP configurations and default credentials. Over 20 cybersecurity agencies, including NSA, CISA, and FBI, issued a warning detailing the ongoing strategy to target critical infrastructure across various sectors such as energy, finance, and healthcare. The main tactics involve scanning for devices running outdated SNMP versions, stealing configuration files, and sending them to remote servers.
Agencies recommend switching to SNMPv3, disabling unnecessary services, blocking certain protocols, and updating legacy systems to enhance security.