The National Security Agency (NSA), together with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and 15 other cybersecurity agencies from 11 allied countries, has issued a technical advisory attributing an ongoing cyber campaign to Center 16 of Russia’s Federal Security Service (FSB).
According to the advisory, the group has spent years exploiting insecure or outdated routers and other network devices by taking advantage of weak configurations, default passwords, and unpatched equipment to gain access to the networks of strategically important organizations.
A Threat to Digital Infrastructure
The advisory is primarily aimed at operators of critical infrastructure in sectors such as energy, communications, defense, finance, healthcare, and government.
However, many of the same technologies used by those organizations are also essential to the day-to-day operations of transportation and logistics companies, which depend on reliable highways, power, telecommunications, traffic systems, and digital platforms that coordinate freight, warehouses, and vehicle fleets.
Today, it is common for transportation companies to rely on connected networks to manage:
- Fleet management systems
- Freight dispatch platforms
- GPS and telematics
- Security cameras
- Wi-Fi networks at terminals and warehouses
- Transportation Management Systems (TMS)
- Warehouse Management Systems (WMS)
All of these services depend on secure network infrastructure.
How the Attackers Operate
According to the guidance released by the NSA and its international partners, attackers often do not need sophisticated hacking techniques to infiltrate a network.
In many cases, they simply search for devices that still use factory-default settings, outdated versions of the Simple Network Management Protocol (SNMP), or remote management features that were never disabled.
Once inside a router, attackers may gain valuable information about the network’s architecture, routing tables, security policies, and, in some cases, stored credentials.
That information can then be used to plan future intrusions or move laterally into other internal systems within the organization.
The Target Is the Network—Not the Trucks
The advisory does not indicate that commercial vehicles themselves are under attack or that truck drivers face a direct threat.
Instead, the focus is on the digital infrastructure that supports transportation companies.
If a corporate network is compromised, organizations could experience communication outages, difficulties monitoring vehicles, dispatch coordination problems, or the exposure of sensitive business information.
In an industry where many operations are managed in real time, a cyber incident can quickly lead to operational delays and disrupt business continuity.
Sanctions Following the Poland Cyberattack
The release of the advisory coincided with coordinated action by the United Kingdom and the European Union against Russia’s cyber ecosystem.
Both announced sanctions targeting members of FSB Center 16, which they say was responsible for the attempted cyberattack against Poland’s power grid in December 2025.
According to British authorities, the attack used DynoWiper malware and could have left approximately 500,000 people without electricity during the winter. The attack was successfully contained before causing widespread damage.
The coordinated response by the United States, the United Kingdom, the European Union, and other allied nations highlights growing international concern over cyber campaigns targeting critical infrastructure.
What the NSA Recommends
The technical guidance includes practical measures that both large organizations and mid-sized businesses can implement to reduce the risk of compromise.
Key recommendations include:
- Regularly update router and network device firmware.
- Replace all default passwords with strong, unique credentials.
- Use SNMP Version 3, which supports authentication and encryption.
- Disable legacy remote management services that are no longer needed.
- Block insecure protocols through firewall rules.
- Regularly review the configuration of connected devices.
Authorities emphasize that many of the vulnerabilities exploited by this group have been known for years and can be addressed through basic cybersecurity best practices.
A Warning for the Entire Logistics Industry
The transportation industry continues to become more digital every year. From tracking shipments to communicating with drivers, much of today’s logistics operation depends on technology that must remain secure and available around the clock.
While the NSA advisory is primarily directed at critical infrastructure operators, it also carries an important message for the logistics sector: cybersecurity is just as essential as fleet maintenance and regulatory compliance.
For transportation companies, reviewing router configurations, keeping network devices updated, and strengthening basic cybersecurity controls can help prevent incidents that disrupt operations or expose critical business information.
At SG, we also help protect your digital operations. Explore our cybersecurity solutions for transportation and logistics companies. Click here.
