Russian Spies Are Testing Australia's Unlocked Doors

Australia's top signals agency has joined two dozen allied governments to warn that hackers working for Russian intelligence are quietly breaking into poorly secured network devices across critical industries worldwide.

ThreatVectr Newsdesk· 3 min read
Photoreal news-editorial wide shot of a dimly lit operations center at night, blue and amber monitor glow, abstract map of Eastern Europe faintly visible on a l
Share

Key points

  • The Australian Signals Directorate (ASD) issued a joint advisory with agencies from roughly 23 countries, including the United States, the United Kingdom, and Canada, warning of ongoing Russian-linked intrusions into critical infrastructure.
  • The hackers are linked to Russia's Federal Security Service (FSB), the country's domestic intelligence agency, and have been active for more than a decade.
  • Targets include sectors such as financial services, healthcare, defence, and communications, with state and local government agencies flagged as especially exposed.
  • The attackers use basic methods, including guessing factory-set default passwords on routers, devices that direct traffic between computers inside an organisation.

Hackers working for Russian intelligence are not doing anything exotic. They are, in the words of a former senior Australian cyber official, rattling doors.

The Australian Signals Directorate (ASD), the country's electronic intelligence and cybersecurity agency, published a joint advisory this week alongside the United States National Security Agency and partner agencies from the United Kingdom, New Zealand, Canada, Finland, France, Denmark, and roughly a dozen other countries. The advisory warns that groups operating on behalf of Russia's Federal Security Service (FSB) are actively targeting critical infrastructure, a broad term covering the systems that keep hospitals, banks, utilities, and governments running.

The method is disarmingly simple. The hackers scan the internet for routers, the physical devices that steer data traffic inside an organisation's network, that still use their factory-set default passwords. Guessing those passwords requires no special skills. Once inside, they quietly copy login credentials and other sensitive information.

Alastair MacGibbon, former head of the Australian Cyber Security Centre, described the campaign to ABC News Australia as bluntly effective. "It's not sophisticated, but it works really well," he said. "It's the equivalent of walking around the internet and rattling the doors of organisations to see if they've been essentially left in a factory setting."

The ASD names several hacking groups it considers frequently responsible: Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra. Security researchers generally treat these as overlapping names for clusters of FSB-linked operators.

Why should an ordinary Australian be concerned?

Because the sectors under attack directly affect daily life. A breach inside a hospital network can delay patient records and slow care. A foothold in a financial institution can expose customer data. State and local government agencies, flagged in the advisory as particularly vulnerable, hold tax records, welfare information, and licensing data for millions of people.

The fix, for most organisations, is not expensive. The advisory points to basic steps: change default passwords on every network device, apply software updates promptly, and place routers behind a firewall, meaning a security barrier that blocks outside internet traffic from reaching internal equipment directly.

MacGibbon noted that many organisations do not realise their routers are visible to the open internet at all. That invisibility is the real risk. The ASD's own data shows a cybercrime report is filed in Australia approximately every six minutes.

If your organisation uses network equipment of any kind, the single most useful question to ask your IT contact today is: have we changed the default passwords on every router and switch we own?

© 2026 Threat Vectr