SUPO and the FDI warn companies of cyber espionage by the Russian FSB

Publication date 13.7.2026 12.00 | Published in English on 13.7.2026 at 16.01
Type:Press release
A dark photo of a building.

SUPO, the FDI and their international partners are again warning of Russian cyber operations targeting poorly configured routers and other vulnerable network devices.

SUPO (Finnish Security and Intelligence Service) and the FDI (Finnish Defence Intelligence) are taking part in a joint Cybersecurity Advisory (CSA) about Russian cyber espionage that the National Security Agency (NSA) of the United States have published together with several Western intelligence services. Russian state-sponsored cyber threat actors have consistently continued to conduct cyber operations against poorly configured and vulnerable network devices. 

In the CSA being issued now, the malicious activity is linked to the FSB Center 16. Private cybersecurity companies have been tracking this activity, referred to by such names as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard and Static Tundra. The FSB conducts long-term cyber operations and targets especially different sectors of critical infrastructure, such as the energy sector and the defense industrial base. The targets are selected partly on an opportunistic basis, depending on where the FSB’s cyber actors are able to successfully intrude.

The mentioned threat primarily targets company-level network devices, and largely not ordinary citizens’ home routers, which SUPO has previously warned against. Authorities warn that Russia is using poorly configured Internet-connected devices around the world for malicious cyber operations. The CSA is intended to encourage device owners and cyber professionals to take action to reduce the potential for cyber espionage. 

The Finnish intelligence authorities are calling on companies and organisations to be aware of the threat to edge devices. In particular, companies are recommended to:

  • use SNMP version 3
  • use strong passwords
  • disable Cisco Smart Install feature
  • restrict management connections to edge devices from the Internet

Cyber security professionals can find more detailed technical guidance in the NSA's CSA published on 13 July 2026:

Further information for media
SUPO Communications, + 358 50 402 6981, [email protected]
Defence Command’s media service, +358 299 510 975 (during office hours 8-16), [email protected]