Jessica Entwistle
July 16 2026
The National Cyber Security Centre, working with the US Cybersecurity and Infrastructure Security Agency and other international partners, has published a joint advisory warning that Russian state-sponsored cyber actors are actively exploiting poorly configured routers and network devices to gain access to critical infrastructure and enterprise networks. The advisory, released on 13 July 2026, details how attackers are targeting edge devices with weak or default credentials, outdated firmware, and inadequate logging to establish persistent access and move laterally within organisations. The activity has been observed across multiple sectors globally, with particular focus on energy, water, transport and communications infrastructure.
Network edge devices such as routers, firewalls and VPN gateways are often managed separately from endpoint and identity systems, and in many organisations they do not receive the same level of patch discipline, monitoring or access control. When these devices are compromised, attackers gain a foothold that can be difficult to detect and even harder to remove, particularly if logging is not enabled or not being reviewed. The advisory makes clear that this is not theoretical risk but active targeting of real infrastructure, and the techniques being used are well within the capability of organised criminal groups as well as state actors. For UK businesses, particularly those in critical sectors or those that provide services to critical infrastructure, this represents a material operational risk that requires immediate attention.
Organisations should review how network edge devices are managed, monitored and maintained. Check whether routers and VPN gateways are running current firmware, whether default credentials have been changed, and whether logging is enabled and being reviewed as part of routine security monitoring. Ensure there is clear ownership of these devices within IT and security teams, and that they are included in regular vulnerability and configuration reviews. For organisations that rely on managed service providers for network infrastructure, this is a useful conversation to have about how these devices are being maintained and monitored. The NCSC advisory includes specific technical guidance on hardening configurations, which should be reviewed alongside your existing network security standards.
Source: NCSC UK