TL;DR: When attackers probe government systems, they often begin not with stolen credentials or phishing emails but with aging routers and firewalls left running long past their expiration dates.