Endpoint Security,
Network Performance Monitoring & Diagnostics,
Security Operations
Advisory Cites Poor Cyber Hygiene, Legacy Protocols as Key Weakness

A coalition of international cybersecurity agencies has issued a strong warning to system administrators regarding the urgent need to harden their networks. This advisory comes in light of growing concerns that Russian nation-state hackers are taking advantage of inadequately secured networks across the globe. The emphasis on network defense highlights a critical escalation in cyber threats posed by state-sponsored actors, particularly from Russia.
The advisory was disseminated on Tuesday by the Cybersecurity and Infrastructure Security Agency (CISA) of the United States. The collective warning involves prominent cybersecurity agencies from Europe, North America, Australia, and New Zealand. It focuses on the activities of Center 16, the cyberwarfare wing of Russia’s Federal Security Service (FSB), which has been identified as a significant threat due to its exploitation of improperly configured and vulnerable networking devices worldwide.
In a bid to reinforce collective cybersecurity efforts, the European Union and the United Kingdom announced sanctions against nine individuals and four entities on Monday. These sanctions include asset freezes and travel bans aimed at those responsible for the hacking activities attributed to Center 16. Such proactive measures illustrate a commitment to combating cyber threats that destabilize national and international security interests.
Chris Butera, the Acting Executive Assistant Director for Cybersecurity at CISA, emphasized the importance of CISA’s collaboration with both domestic and international partners to address the widespread threats posed by nation-state actors. Butera remarked, “The advisory serves as a timely and urgent reminder for critical infrastructure owners and operators to take necessary actions to counter Russian state-sponsored activities. CISA urges network defenders to implement mitigation and remediation measures to reduce the attack surface and overall risk of exploitation.”
Among the essential hardening steps highlighted in the advisory is the disabling of Cisco “Smart Install.” This particular feature has been under scrutiny for nearly a decade due to a critical vulnerability. Tracked as CVE-2018-0171, this flaw allows unauthorized remote attackers to execute arbitrary code, posing substantial risks to network security. Additionally, this same flaw has been exploited by Chinese nation-state hackers, demonstrating a broader issue regarding network vulnerabilities.
The advisory reiterates the necessity of upgrading any existing installations of version 1 or version 2 of the Simple Network Management Protocol (SNMP), recommending updates to version 3. This recommendation stems from the fact that the first two versions transmit data in an unencrypted format, increasing their attractiveness to malicious actors.
Furthermore, it is crucial for organizations to replace weak default passwords with unique and complex credentials. The advisory calls for secure storage of configuration credentials on local accounts, preventing the reuse of compromised passwords. Enhancing network security also involves implementing network segmentation and updated access control lists, which can restrict remote administrative access and maintain an accurate inventory of all active, internet-facing devices. Organizations are encouraged to utilize attack surface management services to effectively detect unauthorized access or configuration changes swiftly.
This latest advisory from CISA builds upon a previous announcement from the FBI in August 2025, which documented malicious cyber operations attributed to Russian state-sponsored entities, notably Center 16. The collaborative efforts among these international agencies underline the pressing need for enhanced cybersecurity practices as malicious cyber operations continue to evolve and present increasingly sophisticated challenges to nations worldwide.