A major joint advisory from the United States and allied nations has sounded the alarm on a widespread, state-sponsored cyber campaign that systematically targets routers, firewalls, and other network edge devices to infiltrate critical infrastructure worldwide.

The advisory, covered by Security Affairs, highlights that groups linked to Russia's FSB Center 16—including Berserk Bear and Energetic Bear—are conducting large-scale operations. Instead of relying on novel exploits, these actors are maximizing scale and persistence by exploiting known, often unpatched flaws in ubiquitous network hardware. Devices that are poorly maintained or past their vendor end-of-life date are prime targets.

This campaign marks a strategic shift in attack methodology. By compromising the foundational networking equipment that sits outside traditional endpoint security monitoring, adversaries gain a durable foothold below the radar of many corporate defenses. This creates a critical blind spot, offering a persistent platform for lateral movement, espionage, or disruptive operations.

In response, the allied governments are demanding an immediate change in security posture. The advisory states that the traditional "install-and-forget" model for network appliances is obsolete and dangerously inadequate. Organizations, particularly those operating critical infrastructure, must now treat these devices as high-priority security assets requiring continuous, rigorous management.

The core recommendations call for organizations to: * Develop and maintain a comprehensive inventory of all internet-facing network devices, including firmware versions and support status. * Implement strict firmware patching schedules and establish clear plans to isolate or replace end-of-life equipment. * Harden configurations by changing all default credentials, disabling unused services, and applying vendor security guides. * Significantly enhance monitoring at the network perimeter for anomalous traffic patterns and unauthorized configuration changes.

This coordinated advisory from allied governments elevates network appliance security from a best-practice recommendation to an urgent operational necessity. It frames the integrity of routers and switches as a primary line of defense against sophisticated, persistent threats and a critical component of maintaining overall operational continuity.


美國及其盟國發布的聯合重要通告發出警報,指一場由國家支持的廣泛網絡攻擊活動正系統性地針對路由器、防火牆及其他網絡邊緣設備,以滲透全球關鍵基礎設施。

據 Security Affairs 報導的通告指出,與俄羅斯聯邦安全局(FSB)第16中心有關聯的組織——包括 Berserk Bear 和 Energetic Bear——正進行大規模攻擊行動。這些攻擊者並非依賴新型漏洞利用,而是透過利用普遍存在的網絡硬件中已知且常未修補的缺陷,以最大化攻擊規模與持久性。維護不善或已過廠商支援期限的設備成為首要攻擊目標。

此次攻擊行動標誌著攻擊方法的策略性轉變。透過入侵位於傳統端點安全監控之外的基礎網絡設備,攻擊者能在許多企業防禦體系的雷達之下建立持久據點。這形成關鍵監測盲點,為橫向移動、間諜活動或破壞行動提供持續性平台。

作為回應,各國政府要求立即改變安全防護姿態。通告明確指出,網絡設備傳統的「安裝後即忘」模式已經過時且危險不足。各機構,特別是運營關鍵基礎設施的組織,必須將這些設備視為需要持續嚴格管理的高優先級安全資產。

核心建議要求各機構: * 制定並維護全面的互聯網面向網絡設備清單,包括韌體版本與支援狀態。 * 實施嚴格的韌體更新時間表,並制定明確計劃以隔離或替換已過期設備。 * 透過更改所有預設憑證、停用未使用服務及遵循廠商安全指南來強化配置。 * 大幅加強網絡邊界對異常流量模式與未授權配置變更的監控。

各國政府此次協調發布的通告,將網絡設備安全從最佳實踐建議提升為緊急營運必需。通告將路由器與交換機的完整性定位為對抗複雜持續威脅的第一道防線,以及維持整體營運連續性的關鍵組件。

新聞來源 / Original News Source