Earlier this month, the Federal Bureau of Investigation (FBI) issued a warning to the public and private sectors as well as the international community. The reason for the warning is a new cybersecurity threat to computer networks associated with critical infrastructure. As the FBI wrote in its public service announcement, the agency “detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to broadly target entities in the United States and globally.” What else is there to know about this threat? Let’s dive in.
What to Know About Berserk Bear
The actors behind this threat detected by the FBI are known as “Berserk Bear” and “Dragonfly.” According to the announcement, they have been attacking networks for more than a decade. However, Cisco reports that their activities have significantly increased since Russia’s invasion of Ukraine in 2022. This is because “Berserk Bear” is connected to the Russian state-sponsored cyber espionage group known as Static Tundra.
Method of Attack
Considering “Berserk Bear’s” state-sponsored backing, Cisco assessed that it was likely a target because of the company’s global presence and work in the critical infrastructure sector. In other words, a breach of their systems has greater potential for impact and reach, which has been the case. “Cisco Talos, which disclosed details of the activity, said the attacks single out organizations in telecommunications, higher education and manufacturing sectors across North America, Asia, Africa and Europe,” as reported by The Hacker News.
The threat actors attacked Cisco by exploiting a cybersecurity vulnerability that allowed them to collect configuration files for thousands of networking devices. It has also been noted that the attacks focused on using SNMP to send instructions that led to further access. The SNMP aspect is of particular interest to us at DYNICS, not because we avoid SNMP altogether, but because we specifically avoid SNMP v1 and strongly prefer SNMP v3 due to its significantly stronger security controls. That said, we recognize that many legacy systems still rely on SNMP v1 or SNMP v2, and our SDN solution is designed to significantly reduce the threats that arise from their use. Overall, the type of attack that “Berserk Bear” has been running, along with its potential ripple effect, is just another reminder that critical infrastructure cybersecurity must be handled as a top priority.
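For teams that want to check their own devices for the two exposures discussed above (Smart Install left enabled, and SNMP v1/v2c still in use), here is a small configuration audit. It is an added example, not code from DYNICS, Cisco or the FBI announcement. The sample configurations are constructed, and the script assumes Cisco IOS-style running-config text on a platform that supports Smart Install.

```python
import re

# Constructed sample configs for illustration (not taken from real devices).
LEGACY_CONFIG = """\
hostname edge-sw-01
snmp-server community public RO
snmp-server community s3cr3t RW 10
snmp-server host 192.0.2.10 version 2c public
"""
HARDENED_CONFIG = """\
hostname edge-sw-02
no vstack
snmp-server group NETOPS v3 priv
snmp-server host 192.0.2.10 version 3 priv netops
"""

COMMUNITY = re.compile(r"^snmp-server community \S+(.*)$")
LEGACY_HOST = re.compile(r"^snmp-server host \S+ .*\bversion (1|2c)\b")
V3_PRIV_GROUP = re.compile(r"^snmp-server group \S+ v3 priv\b")


def audit_config(text):
    """Return (line_number, finding) pairs; line 0 means a whole-config finding."""
    findings = []
    smart_install_off = False
    v3_priv = False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == "no vstack":
            smart_install_off = True
        elif V3_PRIV_GROUP.match(line):
            v3_priv = True
        elif (m := COMMUNITY.match(line)):
            access = "read-write" if " RW" in m.group(1) else "read-only"
            findings.append((number, f"SNMP v1/v2c community ({access})"))
        elif (m := LEGACY_HOST.match(line)):
            findings.append((number, f"trap/inform receiver uses SNMP v{m.group(1)}"))
    if not smart_install_off:
        # Assumption: the platform supports Smart Install, where the feature is
        # on unless 'no vstack' is configured; confirm with 'show vstack config'.
        findings.append((0, "Smart Install not explicitly disabled (no 'no vstack')"))
    if not v3_priv:
        findings.append((0, "no SNMPv3 group with authentication and privacy"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg) or "no findings")
```

On hardware that has no Smart Install feature, the `no vstack` finding is a false positive and can be ignored.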
Sources:
- “Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure” – FBI, Public Service Announcement
https://www.ic3.gov/PSA/2025/PSA250820
- “FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations” – Eric Geller, Cybersecurity Dive
https://www.cybersecuritydive.com/news/russia-hacking-cisco-switches-fbi-warning/758206/
- “FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage” – Ravie Lakshmanan, The Hacker News
https://thehackernews.com/2025/08/fbi-warns-russian-fsb-linked-hackers.html
- “Russian Espionage Group Static Tundra Targets Legacy Cisco Flaw” – Beth Maundrill, Infosecurity Magazine
https://www.infosecurity-magazine.com/news/russian-espionage-group-targets/










