A joint advisory from the NSA, FBI, CISA and nearly 20 allied agencies said Russian FSB-linked hackers are still exploiting vulnerable internet routers used by businesses and critical infrastructure worldwide.
The campaign scans for outdated or poorly secured devices, then steals router configuration files that can expose administrator credentials, network layouts and paths into deeper parts of a victim’s network.
Financial services, energy, communications, healthcare, government and defense industrial base organizations have been affected, with officials saying many intrusions stem from weak “router hygiene” such as default passwords and unnecessary remote access.
Agencies said basic defenses—patching router software and firmware, strengthening authentication, restricting management access and replacing legacy settings—can block many of the attacks.
The warning builds on earlier FBI alerts, describing a more than decade-long espionage effort also tracked as Dragonfly, Energetic Bear and Ghost Blizzard.
With Russia exploiting basic security flaws, are sanctions enough to protect our critical networks?
Why do decade-old hacking techniques still threaten the world’s most critical infrastructure?
As Russia's hybrid war continues, how is cyber espionage shaping the future of global conflict?
Russian FSB Center 16 Launches Global Router Attacks: Critical Infrastructure at Immediate Risk
Overview
On July 13, 2026, a broad international coalition issued an urgent warning about ongoing attacks targeting global routers and networking devices, especially those in critical infrastructure. These attacks are led by Russia's Federal Security Service (FSB) Center 16, a group known by many aliases such as Berserk Bear and Dragonfly. FSB Center 16 uses advanced tools and coordinated campaigns to exploit any vulnerability they find. The coalition urges device owners and network defenders worldwide to review the advisory and quickly implement mitigation and remediation actions to protect against this severe and immediate threat.