NCSC, the UK's National Cyber Security Centre, and 18 partner agencies named Russia's FSB Centre 16 in a joint router-hygiene advisory published on Thursday 9 July, according to secondary coverage of the alert 1. The advisory attributes a campaign that hijacks the Simple Network Management Protocol (SNMP), the service administrators use to monitor and configure network gear remotely, to harvest device data and reconfigure routers. It names communications, energy, healthcare, defence and financial-services operators as targets.
An April advisory named a different Russian service. That earlier alert attributed DNS hijacking on home routers to the GRU's Unit 26165, also tracked as APT28 . Centre 16 sits inside the FSB, Russia's domestic security service, rather than military intelligence, and works through SNMP where APT28 rewrote DNS entries. Both campaigns hit the same network edge from two different Russian agencies.
The joint advisory tells operators to retire legacy SNMP versions 1 and 2c for the authenticated, encrypted SNMPv3, and to restrict management-protocol access to trusted hosts 2. SNMP hygiene rarely reaches a board agenda, yet a second Russian service now treats it as a collection route into critical national infrastructure. For a UK operator, the action is a configuration audit this quarter, not a procurement cycle.
