Endpoint Security
,
Network Performance Monitoring & Diagnostics
,
Security Operations
Advisory Cites Poor Cyber Hygiene, Legacy Protocols as Key Weakness

A slew of international cybersecurity agencies are urging system administrators to harden their networks amid warnings that Russian nation-state hackers are opportunistically targeting weakly secured networks.
See Also: OnDemand Webinar | Trends, Threats and Expert Takeaways: 2025 Global IR Report Insights
In an advisory distributed Tuesday by the U.S. Cybersecurity and Infrastructure Security Agency, cybersecurity agencies from Europe, North America, Australia and New Zealand warn that Center 16, the cyberwarfare division Russia’s domestic intelligence agency the Federal Security Service, continue to exploit poorly configured and vulnerable networking devices worldwide.
The European Union and the United Kingdom announced Monday sanctions against nine individuals and four entities for asset freezes and travel bans in retaliation against hacking activity carried out by Center 16 (see: EU and UK Sanction Russian Nation-State Hackers).
Acting Executive Assistant Director for Cybersecurity Chris Butera said CISA’s continued work with both “domestic and global partners” showcases just how broad the “ongoing threat of nation-state actors” is globally. “The advisory provides a timely and urgent reminder of actions for critical infrastructure owners and operators to counter Russian state-sponsored activity. CISA urges network defenders to implement mitigation and remediation measures to reduce your attack surface and risk of exploitation.”
Among the basic hardening steps the agencies detail is disabling Cisco “Smart Install,” a feature that’s been the subject of repeated warnings for nearly a decade. A flaw in Smart Install, tracked as CVE-2018-0171 allows unauthenticated, remote attackers to execute arbitrary code. The flaw appears to also have been a favorite of Chinese nation-state hackers (see: Talos: No Cisco Zero Days Used in Salt Typhoon Telecom Hacks).
The advisory also recommends the basic step of upgrading any extant implementations of version 1 or version 2 of the simple network management protocol to version 3 – given that the first two versions transmit data in the clear.
The advisory also recommends organizations replace weak default passwords with more unique credentials, storing configuration credentials securely on local accounts to prevent reusing compromised passwords. Through network segmentation and updated access control lists, users can restrict remote administrative access, maintain an inventory of active, internet-facing devices and utilize attack surface management services to detect unauthorized access or configuration changes.
The latest security advisory from CISA builds on a August 2025 FBI public service announcement documenting malicious Russian cyber operations also attributed to Center 16.
