Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

Source: News and Advice on the World's Latest Innovations | ZDNET · Field: Technology & Digital — Cybersecurity & Data Privacy, Cloud Computing & IT Infrastructure · Depth: Novice, short

Summary

The FBI and NSA have issued new advisories warning that Russian GRU cybercrime group APT28 (aka Fancy Bear/Forest Blizzard) is actively targeting vulnerable routers globally, including small office/home office (SOHO) devices, to steal login credentials and sensitive information from military, government, and critical infrastructure entities. A recent incident involved the disruption of a GRU-exploited network of compromised SOHO routers used for malicious DNS hijacking. Older, end-of-life TP-Link routers, which lack manufacturer support, are specifically mentioned as affected by the CVE-2023-50224 vulnerability. The GRU has harvested passwords, authentication tokens, and sensitive information, including emails and web browsing data, from a wide pool of US and global victims. To mitigate risks, users are advised to immediately change default router passwords, update firmware, upgrade legacy routers, disable or tighten remote management, and periodically restart devices to combat nonpersistent malware.

Key takeaway

The FBI and NSA warn that Russian GRU (APT28) is actively exploiting vulnerable SOHO routers, including older TP-Link models, to steal credentials and sensitive data from military, government, and critical infrastructure targets. Professionals must immediately update firmware, change default router passwords, disable remote management, and replace end-of-life devices to mitigate this state-sponsored espionage threat.

Topics

Best for: IT Professional, Security Engineer, General Interest

Editorial summary, takeaway, and curation by AIssential. Original article published by News and Advice on the World's Latest Innovations | ZDNET.