Australiancybersecuritymagazine

Australian critical infrastructure urged to tighten router security after Russian cyber warning


Australia’s critical infrastructure operators have been urged to review the security of routers, firewalls and other network infrastructure after the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) joined a multinational advisory warning of sustained cyber activity by Russian state-sponsored actors targeting internet-facing networking devices.

Released in coordination with cyber security and intelligence agencies from allied nations, the joint advisory describes a long-running campaign by cyber actors linked to the Russian Federal Security Service (FSB) Centre 16. The activity has reportedly been ongoing since at least 2015 and continues to target poorly configured or unpatched networking equipment worldwide.

The advisory identifies a range of sectors at risk, including communications, defence, energy, finance, government services, healthcare and other critical infrastructure. It says threat actors have exploited basic security weaknesses including default passwords, exposed management interfaces, legacy protocols and known vulnerabilities that have not been remediated.

According to the ACSC, compromised networking devices can provide attackers with intelligence about an organisation’s internal environment, allowing them to steal credentials, map networks and establish a foothold for further intrusion.

The advisory notes that routers and other network devices remain targets because they can receive less attention than endpoints and servers, despite acting as gateways into enterprise environments. Once compromised, these devices can enable persistent access while remaining difficult to detect.

Alongside the technical advisory, the ACSC also issued a separate alert urging Australian organisations to improve “router hygiene” as an immediate defensive measure. The guidance says basic security improvements can reduce exposure not only to Russian state-sponsored actors but also to other sophisticated cyber adversaries.

Among the priorities identified are:

  • Disabling unnecessary internet-exposed management services.
  • Replacing default or weak passwords with strong, unique credentials.
  • Upgrading to secure management protocols such as SNMPv3.
  • Disabling legacy features including Cisco Smart Install where not required.
  • Applying vendor security patches promptly.
  • Restricting administrative access through network segmentation and firewalls.
  • Monitoring networking devices for unauthorised configuration changes and unusual activity.

The ACSC says network infrastructure should be treated as high-value assets requiring similar levels of monitoring and security management as critical servers or cloud environments.

The advisory also points to the continued operational discipline demonstrated by Russian cyber operators, arguing that many successful compromises have resulted from organisations failing to address well-known security weaknesses.

The warning follows several recent multinational advisories addressing Russian cyber operations targeting logistics providers, telecommunications infrastructure and critical government systems, which agencies say reflect ongoing strategic cyber espionage directed at infrastructure considered essential to national resilience.

For Australian organisations, particularly those operating under the Security of Critical Infrastructure (SOCI) Act or responsible for essential services, the guidance reinforces that basic cyber security practices remain a key defence against nation-state threats.

The ACSC is encouraging organisations to assess whether their networking equipment is exposed to the internet, review vendor security recommendations, implement available mitigations, and report any suspected malicious activity through established cyber incident reporting channels.

While the advisory attributes the campaign to Russian state-sponsored actors, the mitigation advice is intended to strengthen resilience against a broader spectrum of malicious cyber activity, including attackers seeking to exploit vulnerable infrastructure.





Source link