Find notable cyber news and cases, enriched with sources, timelines, and signals.

Russian FSB Center 16 router intrusion campaign

Campaign
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

A Russian FSB Center 16 campaign is targeting vulnerable and poorly configured routers to infiltrate critical infrastructure networks, raising the risk of device takeover and configuration theft. The operation uses SNMP scans, spoofed-source commands, and TFTP exfiltration to copy router configuration files and move them to actor-controlled servers. The activity is broad enough to affect energy, communications, healthcare, financial services, defense, and government targets.

Related Happenings

NSA/FBI/CISA router hardening advisory

Advisory/Mitigation
H score33 First: 13.07.2026 12:32 Last: 13.07.2026 12:32 Sources 1

How related: The authoring cybersecurity also provided mitigation measures to help network defenders harden their networks against these attacks, urging them to upgrade to SNMPv3, disable Cisco Smart Install, enforce strong unique passwords, block TFTP and SNMP traffic at edge firewalls, update software and firmware, and replace end-of-life devices.

About this happening: **NSA, FBI, CISA** and 15 allied agencies issued a **joint router hardening advisory** after hackers targeted **vulnerable and poorly configured routers** in **critical infrastruc...

Foreign-run botnets relaying traffic through infected Canadian devices

Malware Activity
H score22 First: 22.06.2026 12:11 Last: 22.06.2026 12:11 Sources 1

About this happening: The public ruling confirms **two foreign-run botnets** used **infected Canadian devices** as traffic relays, a setup that can conceal probing of **critical infrastructure, governm...

AryStinger legacy-router reconnaissance and proxy network

Malware Activity
H score61 First: 22.06.2026 09:57 Last: 22.06.2026 09:57 Sources 1

About this happening: The **AryStinger** malware family is building a **distributed reconnaissance and proxy network** from legacy routers and NAS appliances, expanding a covert relay layer that helps...

Earth Lusca Operation FishMedley espionage campaign

Campaign
H score38 First: 16.06.2026 12:44 Last: 16.06.2026 12:44 Sources 1

About this happening: A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
H score39 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...

Timeline

  1. 13.07.2026 12:32 2 articles · 2h ago

    Russian FSB Center 16 targets routers with SNMP scans and TFTP exfiltration

    Initial Disclosure

    NSA, FBI, CISA, and 15 other agencies from allied countries warned that Russian Federal Security Service (FSB) Center 16, tracked as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra, is scanning internet-connected routers that accept default or common SNMP strings, issuing spoofed-IP commands to copy device configuration files, and exfiltrating them via TFTP to actor-controlled servers. The advisory said the activity threatens critical infrastructure networks and urged defenders to upgrade to SNMPv3, disable Cisco Smart Install, enforce strong unique passwords, block TFTP and SNMP at edge firewalls, update software and firmware, and replace end-of-life devices.

    Show sources