Russia's FSB Center 16 hackers attack routers in the West.LightRocket via Getty ImagesThe Federal Security Service of the Russian Federation, the successor to the Soviet KGB and better known as the FSB, has deployed its Center 16 hackers to attack inadequately configured and vulnerable routers in the West, according to a newly published warning from the FBI and other international security agencies. The July 13 cybersecurity advisory, alert code of AA26-194A, urged “device owners and network defenders to take mitigation and remediation actions against Russian government-sponsored exploitation of vulnerable routers,” providing recommended mitigation actions in response to the Center 16 adversary techniques that have been observed. What Is The 16th Center Of The FSB At The Heart Of The FBI Advisory?The 16th Center is part of the Federal Security Service of the Russian Federation, better known in the West as the FSB, which ultimately replaced the infamous KGB following the demise of the Soviet Union. The elite hackers that form part of Center 16 are known to focus on missions that incorporate the interception of communications and targeted computer network operations. According to security agency intelligence, Center 16 “supports foreign intelligence collection,” and is also known as Military Unit 71330.Center 16 operatives have been observed conducting cyber operations for at least 16 years, and are known to have launched attacks against critical national infrastructure in countries across the globe. “Center 16 has targeted systems essential for energy, healthcare, finance, education and local/national governments,” according to U.K. government sources.Which is where the latest cybersecurity advisory comes in, with the FBI confirming that Center 16 cyber actors are exploiting “poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks.”FBI Explains Center 16 Tactics And Techniques, Provides Mitigation AdviceThe Russian FSB Center 16 hackers, operating under threat group names identified by the cybersecurity community as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard and Static Tundra, are thought to “primarily use scanning to identify poorly configured networking devices, primarily routers, for exploitation,” the FBI said, adding that they “scan for Internet IP ranges with active Simple Network Management Protocol agents that accept common or default community strings for authentication,” to gain initial access to the target routers. MORE FOR YOUThe most important takeaway from this campaign, according to Louis Eichenbaum, Federal chief technology officer at security provider ColorTokens, is that these adversaries continue to exploit relatively basic weaknesses because they know those weaknesses still exist. “This is especially true with our OT systems that manage our critical infrastructure as they often use legacy components,” Eichenbaum warned; “Organizations should assume that perimeter devices will eventually be compromised.”By way of mitigation advice, the FBI advised that organizations should configure SNMP v3 on network devices to replace insecure community strings with strong authentication and data encryption. Passwords should be stored securely in network device configurations to prevent reuse from compromised devices. “What makes this advisory significant is how avoidable it is,” Ian Robinson, chief product officer at network security specialist Titania. “The recommended fixes should all be part of network configuration hygiene but are deprioritized.” This is, Robinson said, because routers, switches and the broader network layer are seen as unglamorous, and as such are all-too-often overlooked as set-and-forget infrastructure. ”This is precisely what a patient, opportunistic cyber actor from Russian Intelligence Services, looking to attack critical national infrastructure, is counting on.”