PI Global Investments
Infrastructure

Russian State-Backed Hackers Target Vulnerable Routers in Critical Infrastructure, Agencies Warn


Attack focuses on basic security weaknesses

In prepared media comments, Matthew Hartman, chief strategy officer at Merlin Group, said the tactics outlined in the advisory are well established but remain relevant because of their continued effectiveness.

“The techniques in this advisory are not new, however, the breadth of international attribution should remove any doubt that this remains an active and coordinated threat to critical infrastructure,” Hartman said. He added that organizations should prioritize internet-facing network infrastructure by eliminating default credentials, restricting management interfaces and monitoring and patching routers as they would other critical systems.

Louis Eichenbaum, federal CTO at ColorTokens, said sophisticated threat actors continue to capitalize on fundamental security shortcomings.

“The most important takeaway from this campaign is that sophisticated adversaries continue to exploit relatively basic weaknesses because they know those weaknesses still exist,” Eichenbaum said, noting that legacy operational technology environments often continue to rely on default credentials, exposed management interfaces and flat network architectures.

Eichenbaum recommended organizations inventory routers, switches, firewalls and other network devices, remove default SNMP community strings, implement SNMPv3 with authentication and encryption, disable TFTP where possible and replace it with more secure alternatives such as SCP or SFTP. He also pointed to identity-based microsegmentation as a way to limit lateral movement if a perimeter device is compromised.

Experts emphasize foundational cyber hygiene

John Gallagher, vice president at Viakoo, described the campaign as opportunistic rather than highly targeted.

“These attacks work purely from a numbers perspective,” Gallagher said. “It’s an opportunistic campaign looking for poor cyber hygiene.”

Gallagher recommended disabling Cisco Smart Install, migrating to SNMPv3, restricting management access, keeping firmware current and maintaining regular password and certificate rotation policies.

The joint advisory also recommends disabling legacy SNMPv1 and SNMPv2 where possible, using strong unique passwords, limiting management protocol access through access control lists, blocking unnecessary external communications over SNMP, TFTP and Cisco Smart Install ports, and keeping network devices updated with the latest firmware and security patches.



Source link

Related posts

AI will reshape financial markets with real-time risk monitoring, says SBI chairman CS Setty

D.William

The frontline of resilience: Critical infrastructure as sovereign capability

D.William

Dr. B.R. Ambedkar’s Blueprint for Modern India’s Infrastructure and Economy

D.William

Leave a Comment