
Russian government hackers are prowling the edges of critical networks, and federal officials say vulnerable routers are practically rolling out a welcome mat. In a warning issued Monday, federal cyber agencies said Russian state-sponsored actors from the FSB’s Center 16 are exploiting poorly configured routers and other edge devices in a global campaign that touches communications, energy, healthcare and government systems. Honolulu utilities, hospitals and local government IT teams are among those federal officials say should move router checks to the top of the to-do list.
The National Security Agency and international partners published a joint Cybersecurity Advisory on July 13 that details the actors’ tactics, techniques and a short hardening checklist, according to the NSA. The new guidance builds on earlier FBI reporting about the campaign, and the Honolulu FBI office has been boosting the signal locally. See the brief alert in the FBI Honolulu feed for the field office’s public notice.
FSB Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide.
— FBI Honolulu (@FBIHonolulu) July 13, 2026
How the attackers operate
As laid out in the joint guidance from IC3, the actors scan for devices running legacy or misconfigured management protocols such as SNMP, then send SNMP Set-Requests that instruct routers to copy configuration files and transfer them over TFTP to attacker-controlled servers. The advisory also notes that the group has taken advantage of known Cisco issues, including CVE-2018-0171, and in some cases modifies device configurations to keep a foothold. Those quiet reconnaissance moves let operators map victim networks and reach systems that support industrial control and other critical services.
What officials are urging
Officials say the defenses here are not glamorous, but they work. Recommended steps include switching to SNMPv3 with strong authentication, disabling legacy SNMPv1/v2 and Cisco Smart Install, blocking TFTP, SMI and SNMP at edge firewalls, changing default passwords and keeping device firmware up to date. Those hardening measures appear in the NSA-backed advisory, and federal partners are steering organizations to additional support, such as free Cyber Hygiene scanning from CISA to probe internet-facing assets and rank the most urgent fixes. Agencies caution that the checklist is simple on paper but only works if organizations have a full inventory and follow through.
If you suspect a compromise, officials urge reporting to your local FBI field office or filing a complaint with IC3. A 2025 public service announcement from the FBI outlines the router activity patterns investigators are watching for and how to share details with law enforcement. For businesses that run critical infrastructure, the advisory calls for an immediate census of all internet-exposed networking gear and early engagement with federal cyber partners. According to officials, quick reporting gives defenders a chance to disrupt these operations before reconnaissance turns into something more destructive.
The warning doubles as a reality check: small misconfigurations at the network edge can become the front door for state actors. For Honolulu organizations that rely on always-on connectivity, treating router hygiene as mission-critical work and scheduling regular configuration and firmware reviews is now part of basic survival, not optional fine-tuning.









