The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory with allies from Australia, Denmark, New Zealand, and the United Kingdom. It warns that actors linked to Russia's Federal Security Service (FSB) are systematically targeting home and small office routers.
The hackers, tracked as groups including Berserk Bear and Dragonfly, exploit devices with weak or default credentials. They scan for vulnerable Simple Network Management Protocol (SNMP) agents to install malware and enslave devices into large proxy networks.
These compromised routers are then used to hide malicious activity against sensitive organizations in both the public and private sectors. The advisory notes this is part of a long-running campaign, with both Russian and Chinese state actors engaged in persistent efforts to control internet infrastructure.