A joint cybersecurity advisory from the United States and 12 allied nations was released this week warning critical infrastructure operators that Russian state-sponsored hackers from Federal Security Service (FSB) Center 16 are actively exploiting poorly configured and vulnerable networking devices to break into systems.
The threat group, also known as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard and Static Tundra, has been scanning the internet for routers with default or weak passwords, or unpatched old Cisco vulnerabilities.
The agencies “strongly urge device owners and network defenders to take mitigation and remediation actions against Russian government-sponsored exploitation of vulnerable routers.”
The industries that have been targeted include: “communications, defense industrial base, energy, financial services, government services and facilities, especially organizations at the state and local level, and healthcare and public health.” The advisory provides details of techniques used, and mitigation actions to deploy. Tracking these techniques and applying the mitigation actions should be a priority for critical infrastructure organizations.