Nine nations warn: Russian hackers are scanning your router right now
A joint advisory from nine countries — including Australia — warns that Russian state-backed hackers are actively scanning the internet for routers with default or weak SNMP passwords, then quietly copying device configurations to steal network intelligence.
The advisory, published Sunday and co-authored by the NSA, FBI, CISA, and Australia’s ASD alongside agencies from the UK, Canada, New Zealand, Estonia, Finland, France, and Italy, attributes the attacks to FSB Centre 16 (also tracked as Berserk Bear and Dragonfly). The group targets energy, financial services, healthcare, and government networks — but the technique works on any router left running factory SNMP credentials.
Why this matters for Australian businesses
We audit router configurations across dozens of SMB clients, and default SNMP community strings like “public” and “private” are still disturbingly common — especially on older Cisco gear, ISP-supplied units, and hardware in regional offices that hasn’t been touched since install. If an attacker can read your router config, they can map your internal network, find VPN credentials, and identify every connected device. That’s a full reconnaissance package without ever touching a firewall.
What to do today
Change default SNMP community strings or — better yet — upgrade to SNMPv3 with authentication and encryption. If you use Cisco gear, disable the Smart Install feature (it’s been exploited since 2018 and most businesses don’t need it). Block inbound SNMP and TFTP traffic at your edge firewall. And if any of your network gear is end-of-life with no firmware updates available, it’s time to replace it.
If you’re not sure what’s running on your network edge, get in touch — a quick audit is the fastest way to close these gaps before someone else finds them.
Related Guide
Cybersecurity for Sydney SMBs
Explore our complete guide to protecting your business from cyber threats.
