A cyber operation backed by the Russian Federal Security Service is targeting computer networks and critical infrastructure, according to a new advisory from the FBI.
The alert states that Russia-sponsored actors are exploiting vulnerabilities in the Simple Network Management Protocol and end-of-life networking equipment used throughout the United States and globally. In the past year, the FBI discovered that FSB Center 16, also known as “Berserk Bear” or “Dragonfly,” deployed modified configuration files to gain unauthorized access to vulnerable devices. These compromised devices were then used for reconnaissance within victim networks.

FSB Center 16 has been targeting systems that accept legacy unencrypted protocols, such as SNMP versions 1 and 2, and has been deploying custom tools, such as the 2015 “SYNful Knock” malware, to certain Cisco products.
The latest alert follows the FBI’s release of a notice titled “Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices” in April 2018 and a joint advisory called “Primary Mitigations to Reduce Cyber Threats to Operational Technology” in May. The FBI noted that the guidelines in these previous documents are also applicable to the current bulletin.
Additionally, the new FBI advisory comes on the heels of a disclosure in early August from Microsoft Threat Intelligence that a Russian-sponsored threat actor known as Secret Blizzard is attempting to infiltrate foreign embassies in Moscow. The operation aims to give Russia persistent access to diplomatic devices and intelligence.

