
5 Steps the FBI Wants You to Take to Secure Your Router Right Now

Why This Matters

This FBI warning highlights the ongoing threat of sophisticated cyberattacks targeting routers, emphasizing the importance of regular security practices for consumers and small businesses. Staying vigilant and updating device firmware can help prevent malicious access and protect sensitive communications in an increasingly connected world.

Key Takeaways

If you haven't thought about your home router since the day you set it up, the FBI would like a word. Federal agencies, including the FBI and NSA, disclosed on April 7 that a unit of Russia's military intelligence directorate, the GRU group known as APT28 or Fancy Bear, has been systematically compromising home and small office routers since at least 2024, using the access to intercept credentials, authentication tokens and sensitive communications. The agency took the unusual step of remotely resetting thousands of affected US devices under a court order, but officials are warning that without action from individual router owners, the problem is far from solved.

The attack targeted small-office/home-office routers, also known as SOHO routers, and was carried out by a unit in the Russian military intelligence agency, the GRU. Government agencies are urging people to follow basic router hygiene steps, such as updating to the latest firmware and changing default login credentials. The UK's National Cyber Security Centre lists a number of TP-Link routers specifically targeted by the hackers.

While that news sounds pretty alarming, it's worth keeping in mind that the attack compromised enterprise routers specifically, so your home Wi-Fi router likely isn't at risk. That said, some of the affected routers can be used as standard home routers, so it's worth checking whether your model was exploited in the attack.

"There is a big trend of exploiting routers these days, and that goes both for the consumer and enterprise or corporate routers," Daniel Dos Santos, vice president of research at the cybersecurity company Forescout, told CNET.

What type of attack is this?

A news release from the NSA notes that the attack indiscriminately targeted a wide pool of routers, with the goal of gathering information on "military, government, and critical infrastructure."

This attack is linked to threat actors within the Russian GRU -- who go by APT28, Fancy Bear, Forest Blizzard and other names -- and has been ongoing since at least 2024, according to the FBI.

It's known as a Domain Name System hijacking operation, in which DNS requests are intercepted by changing the default network configurations on SOHO routers, allowing the actors to see a user's traffic unencrypted.
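A defender-side check for the DNS change described above, as an added example that is not from the original article or the agencies' advisories: it parses resolv.conf-style text and flags resolvers outside an allowlist. It assumes a tampered router hands its changed DNS servers to clients; the sample text, the addresses and the `EXPECTED` allowlist are constructed placeholders.

```python
import ipaddress

# Constructed sample: resolv.conf-style text as a DHCP client might write it.
# All addresses are private/documentation placeholders, not indicators.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 127.0.0.53
nameserver 2001:DB8::53
nameserver not-an-ip
options edns0
"""

# Assumption: the resolvers the owner deliberately configured.
EXPECTED = {"192.168.1.1", "2001:db8::53"}


def parse_nameservers(text):
    """Return nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue
        try:
            # Drop an IPv6 zone id (fe80::1%eth0) before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
        except ValueError:
            continue  # skip a malformed entry
    return servers


def audit_resolvers(text, expected):
    """Classify each resolver as expected, local-stub or unexpected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = []
    for ip in parse_nameservers(text):
        if ip in allowed:
            status = "expected"
        elif ip.is_loopback:
            status = "local-stub"  # a local stub hides the real upstream
        else:
            status = "unexpected"  # not configured by the owner: investigate
        report.append((str(ip), status))
    return report
```

If the only resolver listed is the router itself, the client view looks the same whether or not the router was changed, so the router's own DNS settings still need to be checked in its admin interface.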
