ASD Warns of Russian Cyber Threats to Critical Infrastructure

ASD Warns of Russian Cyber Threats to Critical Infrastructure

Shivangi
Jul 16, 2026 11:26 AM IST
Category News

Synopsis

Australia's cyber-intelligence agency has urged critical infrastructure operators to strengthen network defences after warning that Russian state-backed hackers continue exploiting vulnerable systems worldwide.

01
Chapter one

Key Highlights

  • Australian Signals Directorate (ASD) warned Russian state-sponsored cyber actors were evacuating critical infrastructure.
  • Attacks take advantage of badly configured and unprotected routers.
  • Vulnerable sectors include energy, financial services, communications, defence, government and health.

The Australian Signals Directorate (ASD) urged organisations across Australia’s critical infrastructure sector to strengthen their network devices, following an earlier warning from the agency that cyber actors affiliated with Russia’s Federal Security Service (FSB) are continuing to target vulnerable networking equipment.

In a joint advisory with cyber agencies from 12 partner countries, the ASD said that state-backed threat actors have globally and opportunistically breached numerous critical infrastructure networks in the last decade by intruding into poorly configured or vulnerable networking devices.

The sectors facing the worst threat include energy, financial services, communications, defence industrial base and healthcare and public health as per the advisory. The ASD also cautioned that state and local government agencies continue to be a focus.

02
Chapter two

Routers Identified as Primary Target

The alert specifically zeroes in on the FSB’s Centre 16 that is also tracked as Static Tundra or Berserk Bear, and exploits well-known vulnerabilities and badly configured routers across a range of key sectors. 

The group scans versions of Simple Network Management Protocol (SNMP) on global networks. If a device is configured with default authentication passwords, attackers can direct the device to copy and transfer its configuration settings to an external server.

The compromised network information is then potentially used for targeted cyberattacks, as stated by the ASD.

The cyberattack on Poland’s energy infrastructure in December 2025, which could have left half a million people without power had it succeeded, has been attributed on Centre 16 by the UK National Cyber Security Centre as well as several European countries.

03
Chapter three

Organisations Must Strengthen Security

Australian National Cyber Security Coordinator (Lt Gen) Michelle McGuinness called on organisations to audit router configurations, limit exposure of management services, improve authentication methods and remediate internet-facing devices that are vulnerable enough to be exploited.

Cybersecurity firm Semperis claimed many critical infrastructure operators are unwittingly already housing nation-state threat actors that can remain within networks for months, or even years, collecting intelligence, deploying backdoors and tampering with backups.

The company further cautioned that critical Australian infrastructure in rural and regional areas is at a higher risk level, given smaller cybersecurity teams and resources.

04
Chapter four

A Wider International Effort Launching

Agencies from the United States, United Kingdom, Canada, New Zealand, Czech Republic, Denmark, Estonia, Finland Italy, Poland and Sweden collaborated to issue the joint advisory.

The US Department of Justice (DOJ) also released on the same day charges against Alexander Volosovik, Kirill Zatolokin and Yulia Pankova related to cybercrimes that resulted in overUS$62 million in losses at a total of two Russia-based firms with four other affiliates.

Meanwhile, the US authorities have announced a reward of up to US$10 million, as well as possible relocation, for information about government-linked accomplices associated with the three.

During 2025, Australia (alongside others) imposed sanctions on Volosovik and Zatolokin in late 2025 and five of its measures that year targeted Russian nationals behind the 2022 Medibank breach.

Meanwhile, the UK and European Union slapped 24 sanctions on cyber-attackers across a range of targets including senior leadership in Russia’s military intelligence agency and people connected to information theft that affected at least 2,100 victims in the UK in the past six months as well as entities implicated in fomenting interstate electoral disinformation campaigns and conducted anti-Ukraine influence operations.

Source: Information Age 


Written by Shivangi

At Inspirepreneurs Magazine, covering entrepreneurship, business failures, and the human stories behind the world's most ambitious founders. She writes at the intersection of strategy and storytelling.