NSA Warns of Router Vulnerabilities Exploited by Russian Hackers
The U.S. National Security Agency and international partners have issued a warning regarding cybersecurity risks associated with business routers, highlighting exploitation by Russian state-linked hackers.

The U.S. National Security Agency (NSA), alongside 18 international partners, issued a warning on Monday concerning widespread security risks posed by business routers. According to the advisory, Russian state-linked hacking groups are systematically exploiting poorly configured and outdated routers within financial institutions, hospitals, energy companies, and other critical infrastructure organizations.
These cyber adversaries often bypass the need for novel software exploits by targeting default passwords, obsolete settings, and hardware that has not been updated or replaced. A primary target is the router's configuration file. Attackers can manipulate the device's own management tools to export this file, which may contain sensitive data including network topology, access controls, routing information, and VPN configurations.
This campaign is not a new threat. In August of the previous year, the FBI reported that the same Russian unit had collected configuration files from thousands of devices connected to U.S. critical infrastructure. In some instances, hackers altered router settings to maintain persistent access and explored networks controlling physical equipment.
An NSA spokesperson stated that the guidance was released to "help network defenders act before vulnerabilities are exploited further." The advisory aims to bolster router security and preempt potential cyberattacks by promoting better network hygiene.