In a joint alert issued August 20, 2025, the FBI and Cisco revealed a sustained cyber‑espionage campaign led by the Russian FSB’s “Center 16,” also known by cybersecurity experts as “Berserk Bear,” “Dragonfly,” or “Static Tundra” . Exploiting the CVE‑2018‑0171 vulnerability in Cisco’s outdated Smart Install (SMI) protocol—with reported weaknesses also in SNMP—Russian operatives have infiltrated thousands of network devices connected to critical U.S. infrastructure over the past year.
Victims span telecoms, higher education, manufacturing, and other sectors deemed strategically valuable. Attackers have harvested and, in some cases, altered device configuration files to facilitate long-term access and deep reconnaissance, particularly across industrial control systems.
The threat extends well beyond U.S. borders, with Cisco noting widespread impact across North America, Asia, Africa, and Europe. The FBI report underscores that these tactics have persisted for more than a decade, tied to prior campaigns—including the notorious SYNful Knock malwaress.
Authorities urge organizations to promptly apply the Cisco‑provided patch or disable Smart Install where patching isn’t feasible, while federal agencies recommend immediate reporting and review of compromised systems.
This high-severity advisory highlights the enduring challenge of outdated IT infrastructure and the growing sophistication of state-sponsored cyber threats.
