Home Tech Australia joins a global warning on Russian state hackers. What it means for your money

Australia joins a global warning on Russian state hackers. What it means for your money

Australian operators are among those at risk, and the businesses most exposed are the ones that keep the lights, water and networks running.

Australia’s cyber agency has joined the US, UK and six other nations to warn that Russian state-linked hackers are quietly breaking into vulnerable networking gear across critical infrastructure. Australian operators are among those at risk, and the businesses most exposed are the ones that keep the lights, water and networks running.

The Australian Signals Directorate, through its Australian Cyber Security Centre, has co-signed a joint international advisory warning that Russian state-sponsored actors are actively compromising critical-infrastructure networks. The primary document is the ACSC advisory “Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting”, released this week alongside partners including the United States (the NSA, FBI and Defense Cyber Crime Center), the United Kingdom, New Zealand, Canada, Finland, France and Denmark.

So what did the agencies actually say, and does it change anything if you hold shares in the companies that run our essential services?

Free Daily Newsletter

Never miss an expert insight

Join over 100,000 Australians who get Peter Switzer’s top finance stories delivered free every weekday.
No spam. Unsubscribe anytime.

The warning

The advisory attributes the activity to Russia’s FSB Center 16, a group tracked in the security world under names such as Berserk Bear, Energetic Bear and Static Tundra. It builds on a warning the FBI issued back in August 2025 about the same actors going after networking devices.

The method is the important part, because it is not new or novel like some attack advisories we see. The notice describes ‘opportunistic exploitation’: the attackers scan the internet for routers and networking gear running outdated software, or still sitting on factory-default or weak passwords, then quietly gain access and stay. This is not a bespoke, Australia-specific operation. It is a global campaign that picks off whoever left the door unlocked, and Australian entities are among those in range. As we know, the internet has no borders or boundaries, so scanning for unsecured devices runs rampant across the world.

The objective is simple. Run a scan, get inside the network quietly, stay there, just in case you need to nick something or break something later.

The targets

The advisory names the sectors it is most worried about: communications, the defence industrial base, energy, financial services, government facilities, and healthcare and public health. They are the assets that carry knock-on effects when they fail, which is exactly why a hostile actor wants a foothold in them. It’s much easier to beat an enemy when you can turn a nation’s hospitals off at the flick of a switch, for example.

Smaller suppliers matter too. Attackers often walk in through a contractor or a software vendor rather than the front door of the big operator, so the risk runs down the supply chain, not just at the top of it.

All of these companies, especially listed ones, have obligations when it comes to protecting your data and their infrastructure from opportunistic and intentional hackers.

What it means for investors

If you hold ASX-listed operators of critical assets, a serious intrusion can mean big bikkies. There’s the operational downtime, remediation costs, mandatory disclosure, and regulator attention from regulators. It can also move a share price on the day.

Cyber resilience is now something you have to take into account when assessing a stock purchase, alongside the balance sheet.

This information is general in nature and does not constitute financial advice. You should seek advice from a licensed financial adviser and consider your own circumstances before making any investment decisions.

Luke Hopewell

Luke Hopewell

Luke Hopewell is Head of Content and Digital Marketing at Associate Global Partners and oversees content strategy for Switzer Daily and Switzer Report. He was previously the head of editorial at Twitter Australia, the editor of cult tech site Gizmodo, launch editor of Business Insider's Australian edition, with stints various corporates like CBA and Telstra in-between. When he's not writing, he's getting outdoors and patting all the nice dogs he meets.

View all articles by Luke Hopewell →

More from Luke Hopewell

Leave a Comment

Your email address will not be published. Required fields are marked *