Skip to content
Tech News
← Back to articles

Russian Hackers Are Inside American Home Routers. The FBI Has a 5-Step Fix

2026-05-21 | original
read original get Router Security Upgrade Kit → more articles
Why This Matters

This incident highlights the ongoing cybersecurity threats targeting home routers, emphasizing the importance of basic security practices for consumers to protect their networks from sophisticated state-sponsored hacking groups. It underscores the need for vigilance and regular updates to safeguard personal and organizational data in an increasingly connected world.

Key Takeaways

Most home routers sit in a corner, ignored, and that's exactly what Russia's military intelligence unit was counting on. The GRU group known as APT28, responsible for some of the most significant state-sponsored hacks of the past decade, spent years exploiting that neglect, working its way into thousands of home and small office routers across 23 US states and using the access to intercept traffic, steal credentials and build a shadow network of compromised devices. A joint federal advisory issued April 7 outlined the scope of the attack and the court-authorized operation that disrupted it. It also came with a clear instruction: There are five steps every router owner should take immediately.

The attack targeted small-office/home-office routers, also known as SOHO routers, and was carried out by a unit in the Russian military intelligence agency, the GRU. Government agencies are urging people to follow basic router hygiene steps, such as updating to the latest firmware and changing default login credentials. The UK's National Cyber Security Centre includes a number of TP-Link routers specifically targeted by the hackers.

While that news sounds pretty alarming, it's worth keeping in mind that the attack compromised enterprise routers specifically, so your home Wi-Fi router likely isn't at risk. That said, some of the affected routers can be used as standard home routers, so it's worth checking whether your model was exploited in the attack.

Locating local internet providers

"There is a big trend of exploiting routers these days, and that goes both for the consumer and enterprise or corporate routers," Daniel Dos Santos, vice president of research at the cybersecurity company Forescout, told CNET.

What type of attack is this?

A news release from the NSA notes that the attack indiscriminately targeted a wide pool of routers, with the goal of gathering information on "military, government, and critical infrastructure."

Locating local internet providers

This attack is linked to threat actors within the Russian GRU -- which go by APT28, Fancy Bear, Forest Blizzard and other names -- and has been ongoing since at least 2024, according to the FBI.

It's known as a Domain Name System hijacking operation, in which DNS requests are intercepted by changing the default network configurations on SOHO routers, allowing the actors to see a user's traffic unencrypted.

... continue reading

Explore topics: apt28 gru tp-link home routers firmware
Related:
One UI 8.5 is starting to arrive on the Galaxy Tab S11 series
Fake Samsung SSD spotting comes to CrystalDiskInfo as AI crunch drives sophisticated counterfeit market — free open-source software can flag clones by checking firmware, PCI Vendor ID
TP-Link's tiny 5-port Gigabit switch drops to just $9
Grab this $8.97 TP-Link Ethernet Switch to ditch Wi-Fi lag and unlock 4K streaming and gaming at home — huge 47% discount for compact, fanless gigabit device with five additional ports for your network
Modder uses Nintendo Switch to boost aging 3D printer's speed by 90%, dropping 3DBenchy print time from 90 minutes to a mere 8 minutes and 41 seconds — enthusiast claims big quality improvements by using jailbroken quad-core console

© 2026 GoKawiil

About | Editorial Policy | Contact