Australia’s chief cyber-intelligence agency has called for critical infrastructure organisations to fortify their network devices amid an ongoing wave of Russian state-sponsored cyberattacks.

On Tuesday, the Australian Signals Directorate (ASD) warned that cyber-actors tied to Russia's Federal Security Service (FSB) have continued to exploit “poorly configured” and vulnerable networking devices worldwide.

In a joint advisory published alongside agencies from 12 countries, ASD said the state-backed threat actors have “opportunistically” compromised multiple critical infrastructure networks over the course of a decade.

The sectors most at risk from FSB targeting include energy, financial services, communications, defence industrial base, and healthcare and public health.

The ASD emphasised state and local government agencies were particularly at risk.

Jeff Wichman, director of crisis response at cybersecurity company Semperis, said many critical infrastructure operators are already “unwitting hosts” to nation-state threat actors.

“Once inside a network, these hackers can bide their time,” Wichman said.

“Rather than taking immediate action, they remain dormant for months or even years, waiting for the right moment to strike.

“In the meantime, they can gather intelligence, plant backdoors for future operations, and compromise backups to remain persistent even after recovery attempts.”

Other partners who joined the warning against Russia's exploits include agencies from the US, UK, Canada, New Zealand, Czech Republic, Denmark, Estonia, Finland, Italy, Poland and Sweden.

Routers at risk

The ASD’s warning related to the FSB’s ‘Centre 16’: a signals-intelligence unit that exploits common vulnerabilities and targets poorly configured routers in critical industries across the West.

Tracked in security circles as ‘Static Tundra’ or ‘Berserk Bear’, the hackers begin their exploits by routinely scanning international networks for outdated versions of SNMP (or Simple Network Management Protocol).

If they find a poorly configured SNMP agent that accepts default passwords for authentication, the hackers essentially instruct the victim device to copy and transfer its configuration details to an external server.

Information Age understands Centre 16 is then able to enact targeted cyberattacks using the compromised network information.

According to the UK's National Cyber Security Centre and numerous EU member states, Centre 16 was attributed to a December 2025 attack on Poland’s energy grid which could have caused 500,000 civilians to lose electricity if successful.

‘No country can afford to be complacent’

While paraphrasing the ASD’s advisory, Australia’s national cybersecurity coordinator Lieutenant General Michelle McGuinness encouraged device owners to review their router configurations.

She added network defenders should reduce exposed management services, strengthen authentication practices, and prioritise the remediation of vulnerable, internet-facing devices.

“Poorly secured routers continue to be targeted by Russian state-sponsored cyber actors,” said McGuinness.

“No country can afford to be complacent, and Australia continues to call on all states and cyber actors to act responsibly in cyberspace.”

Following ASD’s advice on router security, Wichman said rural and regional Australian infrastructure faces higher risks.

“Small teams and smaller budgets make it easier for attackers to exploit vulnerabilities, bypass controls, and evade detection,” he said.

“Even short disruptions to Australia's critical infrastructure could spell disastrous fallout across public safety, private industry, and national security.

“It’s not difficult to imagine the impact of shutting down a community’s access to water or electricity.”

Global crackdowns hit Russian threat actors

Alongside the ASD's joint advisory, the US Department of Justice (DOJ) announced an indictment against three Russian nationals and two Russia-headquartered companies for cybercrimes which allegedly caused more than US$62 million in victim losses.

St. Petersburg citizens Alexander Volosovik, Kirill Zatolokin, and Yulia Pankova allegedly ran criminal infrastructure that powered attacks on critical institutions across the US.

“The victims in this case are not only in Ohio, but also in 20 other states across the country,” said David Toepfer, US attorney for the Northern District of Ohio.

“They include banks, schools, government entities, hospitals, and media companies.”

US authorities have offered a reward of up to US$10 million, and possible relocation, for “actionable information” on foreign government-linked associates of Pankova, Volosovik and Zatolokin.

The US has offered significant rewards for information related to the indicted trio. Source: DOJ

Zatolokin and Volosovik were already sanctioned by Australia in late 2025, while five separate sanctions that year targeted Russian individuals associated with a historical 2022 data breach at Medibank.

In the UK and EU, a separate spate of 24 sanctions was applied to individuals and entities responsible for orchestrating cyberattacks, interfering in elections, and spreading anti-Ukraine narratives across Europe.

Among those sanctioned was senior leadership in Russia's primary foreign military intelligence agency, and persons involved in a data stealing operation that has targeted at least 2,100 UK victims in the last six months.

“The UK and EU are sending a clear message that Russia cannot hide behind its use of these proxy groups,” said UK foreign secretary Yvette Cooper.