Cybersecurity Advisory: Protecting networks from Russian state-sponsored attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and partners warn of Russian FSB Center 16 cyber activities targeting unprotected networking devices, emphasizing the need for enhanced security measures across critical sectors like healthcare.

The United States Cybersecurity and Infrastructure Security Agency (CISA) and 18 other U.S-based and international co-sealing agencies have published a Cybersecurity Advisory regarding Russian state-sponsored targeting. The notice is an extension of the Federal Bureau of Investigation’s (FBI) previous Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure statement with reports of Russian Federal Security Service (FSB) Center 16’s cyber activity and recommendations for better protecting networks.

According to the advisory, cyber actors from FSB Center 16 are targeting unprotected networking devices globally, including critical infrastructure sector networks like healthcare. The healthcare and public health sector is one of the most at-risk, the authoring agencies say.

The actors are currently sending SNMP requests to various IP addresses, attempting to locate equipment using SNMP versions one and two. To counter this, the advisory recommends disabling those protocols and instead using SNMPv3.

Additional key recommendations from the agencies:

  • To prevent actors gaining access to your routers, protect them with strong and unique passwords for all accounts.
  • Remove Cisco Smart Install once router configuration is complete to keep actors from copying the device’s configuration.
  • Reject SNMP, TFTP, SMI, and other non-essential communications from the firewall.

Further resources and tips can be found in the advisory.

About the Author

Erin Brady

Managing Editor

Erin Brady is Managing Editor of Medical Laboratory Observer.

Sign up for our eNewsletters
Get the latest news and updates