The National Security Agency has joined the FBI and international partners in issuing a public warning about Russian military intelligence cyber actors exploiting vulnerable routers to steal sensitive information from government, military and critical infrastructure targets.
The alert follows a recent law enforcement operation that disrupted a network of compromised small-office and home-office routers used by Russia’s GRU to conduct malicious cyber activities, including domain name system, or DNS, hijacking, NSA said Tuesday.

How Are GRU Hackers Exploiting Routers?
According to the joint advisory, GRU-linked actors, known as APT28, Fancy Bear and Forest Blizzard, have been targeting vulnerable edge devices since at least 2024 to gain access to sensitive data.
The campaign involves exploiting router vulnerabilities, including flaws affecting TP-Link devices, to alter the router's DNS settings so that traffic destined for commonly used services, such as web-based email, is redirected to fraudulent sites or services under the actors' control.
Once compromised, routers enable adversaries to intercept encrypted traffic through adversary-in-the-middle attacks, allowing them to collect credentials, authentication tokens, emails and browsing data that would otherwise be protected.
The activity has affected a broad range of victims globally, with threat actors narrowing their focus to information tied to defense, government operations and critical infrastructure.
The advisory notes that compromised devices can impact multiple connected systems, including laptops and mobile devices, extending the reach of the intrusion beyond the router itself.
What Steps Should Users and Organizations Take?
U.S. and allied agencies are urging individuals and organizations to take immediate steps to secure network devices and reduce exposure.
Recommended actions include changing default usernames and passwords, updating routers with the latest firmware, disabling remote management access from the internet, and replacing end-of-support devices.
Users are also advised to treat browser and email certificate warnings with caution, as these may indicate interception attempts.
For organizations supporting remote work, the guidance emphasizes reviewing access policies, including the use of virtual private networks and hardened configurations to protect sensitive systems.
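The two indicators the advisory describes, a client whose resolver has been swapped for one the organization does not sanction and a high-value name (such as webmail) resolving to an unexpected address, can both be checked from ordinary resolver or DHCP logs. The following audit script is an added example written for this article; it is not code from the advisory or from any of the agencies involved. The log format, the sanctioned resolver list, the expected address ranges and all addresses (RFC 5737 documentation ranges) are constructed assumptions.

```python
"""Flag DNS-hijacking indicators in client resolver logs (illustrative, constructed data)."""
import ipaddress
import re
from dataclasses import dataclass

# Resolvers the organisation sanctions for its clients (constructed example values).
ALLOWED_RESOLVERS = {
    ipaddress.ip_address("192.0.2.53"),  # assumed internal resolver
    ipaddress.ip_address("192.0.2.54"),  # assumed internal resolver
}

# Expected address ranges for names worth watching closely (the advisory singles out
# web-based email); constructed RFC 5737 documentation ranges.
EXPECTED_ANSWERS = {
    "webmail.example.org": [ipaddress.ip_network("203.0.113.0/24")],
    "sso.example.org": [ipaddress.ip_network("203.0.113.0/24")],
}

# Constructed log lines; assumed field layout: timestamp client resolver qname answer.
# Line 3 shows a client whose resolver was swapped and whose webmail answer was changed;
# line 5 shows a sanctioned resolver returning an unexpected webmail answer.
SAMPLE_LOG = """\
2025-01-10T08:00:01Z client=10.0.0.21 resolver=192.0.2.53 qname=webmail.example.org answer=203.0.113.10
2025-01-10T08:00:05Z client=10.0.0.22 resolver=192.0.2.53 qname=sso.example.org answer=203.0.113.11
2025-01-10T08:01:12Z client=10.0.0.23 resolver=198.51.100.9 qname=webmail.example.org answer=198.51.100.77
2025-01-10T08:01:20Z client=10.0.0.23 resolver=198.51.100.9 qname=news.example.net answer=203.0.113.200
2025-01-10T08:02:00Z client=10.0.0.24 resolver=192.0.2.54 qname=webmail.example.org answer=198.51.100.77
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) resolver=(?P<resolver>\S+) "
    r"qname=(?P<qname>\S+) answer=(?P<answer>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "unexpected_resolver" or "unexpected_answer"
    client: str  # client that issued the query
    qname: str   # queried name, normalised to lower case without trailing dot
    value: str   # the offending resolver address or answer address


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def audit(log_text):
    """Scan log text and return one Finding per indicator observed."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than failing the whole audit
        resolver = ipaddress.ip_address(rec["resolver"])
        answer = ipaddress.ip_address(rec["answer"])
        qname = rec["qname"].lower().rstrip(".")
        # Indicator 1: the client is using a resolver the organisation did not sanction,
        # which is what a router with altered DNS settings hands out to its clients.
        if resolver not in ALLOWED_RESOLVERS:
            findings.append(Finding("unexpected_resolver", rec["client"], qname, str(resolver)))
        # Indicator 2: a watched name resolved outside its expected address ranges.
        expected = EXPECTED_ANSWERS.get(qname)
        if expected is not None and not any(answer in net for net in expected):
            findings.append(Finding("unexpected_answer", rec["client"], qname, str(answer)))
    return findings


def affected_clients(findings):
    """Sorted list of distinct clients that triggered at least one finding."""
    return sorted({f.client for f in findings})


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.kind:20} client={f.client:12} qname={f.qname:22} value={f.value}")
    print("clients to investigate:", ", ".join(affected_clients(audit(SAMPLE_LOG))))
```

The two indicators are deliberately evaluated independently: a swapped resolver is visible even before any watched name is queried, and an unexpected answer from a sanctioned resolver still deserves attention because it points at a problem upstream of the client rather than at the client's router.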
What Should Victims Do Next?
Agencies recommend reporting suspected compromises to local FBI field offices or submitting complaints through the Internet Crime Complaint Center.
