Jessica Entwistle
July 14 2026
The National Cyber Security Centre, alongside CISA and international partners, has published a joint advisory warning that Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices across critical infrastructure sectors worldwide. The advisory, published on 13 July 2026, highlights ongoing opportunistic compromise of routers and edge devices that lack basic security hygiene, including default credentials, outdated firmware, and insufficient access controls. The targeting is described as broad and persistent rather than sophisticated, relying on organisations failing to implement well-established protective measures. The advisory includes detailed technical guidance on router hardening, logging, segmentation, and monitoring to help organisations reduce exposure to this activity.
For UK businesses, this advisory is a practical reminder that state-sponsored threat actors continue to exploit the weakest points in enterprise networks, often at the perimeter where visibility and ownership can be unclear. Routers and edge devices are frequently managed inconsistently, left with vendor defaults, or overlooked during patching cycles. The operational risk is that compromised routers can provide persistent access, enable lateral movement, and allow attackers to monitor or manipulate traffic without triggering endpoint detection tools. This is particularly relevant for organisations in critical national infrastructure, manufacturing, energy, healthcare, and professional services sectors, all of which have been targeted by Russian state actors in recent years. The advisory reflects a pattern of activity that has been observed for several years, but the persistence of the threat suggests that many organisations have not yet implemented the foundational controls needed to reduce exposure. The NCSC's guidance is clear and practical, focusing on configuration management, access control, logging, and regular review rather than requiring significant investment in new technology.
UK organisations should review who owns router and edge device security, how those devices are configured, and whether logging and monitoring are sufficient to detect unauthorised access. Many organisations have strong endpoint and identity controls but weaker visibility at the network perimeter. Ensuring that routers are patched, hardened, and monitored is a foundational control that should be verified regularly, not assumed to be in place. Practical steps include inventorying all network devices, verifying that default credentials have been changed, ensuring that firmware is current, enabling logging and monitoring, and restricting management access to trusted networks. Where devices cannot be patched or replaced, organisations should consider whether compensating controls such as network segmentation, access restrictions, or additional monitoring are appropriate. The NCSC advisory provides detailed technical guidance that security and network teams can use to assess current configurations and identify gaps.
Source: NCSC UK