Russian state-sponsored advanced persistent threats (APTs) are infiltrating critical infrastructure networks by exploiting vulnerabilities in poorly secured routers. These attacks, carried out by multiple APT groups, pose a significant threat to the security and stability of critical infrastructure sectors. The compromised devices can be used as a foothold for further malicious activities, including data theft and disruption of operations. The warning, issued by the US and its allies, highlights the shift in threat model from financially motivated cybercrime to geopolitically motivated attacks1. This change in threat landscape requires a different approach to cybersecurity, one that takes into account the unique tactics, techniques, and procedures (TTPs) employed by state-sponsored actors. The fact that these attacks are targeting critical infrastructure routers underscores the potential for significant disruption to essential services, making it essential for organizations to reassess their security posture and implement robust defenses to mitigate these threats.