Top stories.
- Western intelligence agencies warn of Russian hackers targeting critical infrastructure.
- Progress Software tells ShareFile admins to shut down servers immediately.
- Researchers identify a new macOS infostealer.
Western intelligence agencies warn of Russian hackers targeting critical infrastructure.
Intelligence agencies from the Five Eyes nations and eight European allies issued a joint advisory warning that hackers from Russia's Federal Security Service (FSB) are targeting poorly configured and vulnerable routers across critical infrastructure sectors. The threat actors are scanning "Internet IP ranges with active Simple Network Management Protocol (SNMP) agents that accept common or default community strings for authentication." The scans send SNMP Set-Requests that copy the device's configuration and transfer it to "an actor-controlled leased virtual private server (VPS) or compromised FTP server."
The advisory recommends that administrators disable Cisco Smart Install on all devices, use SNMPv3 with "authPriv" configured to the highest encryption standard available, use strong, unique passwords for local accounts, and monitor for unusual credentials and logins to local accounts.
The agencies attribute the activity to the FSB's Center 16, tracked in the industry as "Berserk Bear," "Energetic Bear," "Crouching Yeti," "Dragonfly," "Ghost Blizzard," and "Static Tundra."

