Circuit Wire — a daily news update from The Circuit.
The National Security Agency, CISA and the FBI released a joint advisory on July 13 warning that Russian state hackers are compromising poorly configured routers across critical infrastructure worldwide. The advisory attributes the activity to Center 16 of Russia's Federal Security Service, the FSB, and was co-sealed by cybersecurity and intelligence agencies from 13 countries, including Australia, Canada, New Zealand and the United Kingdom.
The actors scan the internet for network devices running old versions of the Simple Network Management Protocol with default or weak passwords. They then instruct the device to copy its configuration file and send it to servers they control. That hands the attackers stored credentials and a detailed map of the target network, which they use to move deeper.
The agencies named the sectors most at risk: communications, the defense industrial base, energy, financial services, government facilities, especially at the state and local level, and healthcare. The actors also exploit known flaws in Cisco equipment, including the Smart Install feature and a vulnerability first disclosed in 2018. Many of the affected devices are old or left with factory settings.
The advisory builds on an FBI public service announcement from August 2025 that described more than a decade of FSB Center 16 activity against networking devices. It also notes that the tactics overlap with those of other actors, such as the group tracked as Salt Typhoon. To harden networks, the agencies recommend disabling Cisco Smart Install, moving to the encrypted version 3 of the management protocol, using strong and unique passwords, and blocking the affected ports at the network edge.
Want a weekly roundup of the major stories shaping the security industry? The On The Circuit newsletter is read by more than 12,000 protection professionals.
Spotted something we should cover? Send tips and feedback via circuit-magazine.com.

