Australia’s cyber agency has joined the US, UK and six other nations to warn that Russian state-linked hackers are quietly breaking into vulnerable networking gear across critical infrastructure. Australian operators are among those at risk, and the businesses most exposed are the ones that keep the lights, water and networks running.
The Australian Signals Directorate, through its Australian Cyber Security Centre, has co-signed a joint international advisory warning that Russian state-sponsored actors are actively compromising critical-infrastructure networks. The primary document is the ACSC advisory “Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting”, released this week alongside partners including the United States (the NSA, FBI and Defense Cyber Crime Center), the United Kingdom, New Zealand, Canada, Finland, France and Denmark.
So what did the agencies actually say, and does it change anything if you hold shares in the companies that run our essential services?
The warning
The advisory attributes the activity to Russia’s FSB Center 16, a group tracked in the security world under names such as Berserk Bear, Energetic Bear and Static Tundra. It builds on a warning the FBI issued back in August 2025 about the same actors going after networking devices.
The method is the important part, because it is not new or novel like some attack advisories we see. The notice describes ‘opportunistic exploitation’: the attackers scan the internet for routers and networking gear running outdated software, or still sitting on factory-default or weak passwords, then quietly gain access and stay. This is not a bespoke, Australia-specific operation. It is a global campaign that picks off whoever left the door unlocked, and Australian entities are among those in range. As we know, the internet has no borders or boundaries, so scanning for unsecured devices runs rampant across the world.
The objective is simple. Run a scan, get inside the network quietly, stay there, just in case you need to nick something or break something later.
The targets
The advisory names the sectors it is most worried about: communications, the defence industrial base, energy, financial services, government facilities, and healthcare and public health. They are the assets that carry knock-on effects when they fail, which is exactly why a hostile actor wants a foothold in them. It’s much easier to beat an enemy when you can turn a nation’s hospitals off at the flick of a switch, for example.
Smaller suppliers matter too. Attackers often walk in through a contractor or a software vendor rather than the front door of the big operator, so the risk runs down the supply chain, not just at the top of it.
All of these companies, especially listed ones, have obligations when it comes to protecting your data and their infrastructure from opportunistic and intentional hackers.
What it means for investors
If you hold ASX-listed operators of critical assets, a serious intrusion can mean big bikkies. There’s the operational downtime, remediation costs, mandatory disclosure, and regulator attention from regulators. It can also move a share price on the day.
Cyber resilience is now something you have to take into account when assessing a stock purchase, alongside the balance sheet.
This information is general in nature and does not constitute financial advice. You should seek advice from a licensed financial adviser and consider your own circumstances before making any investment decisions.