
Your home router, sitting quietly in a corner of your living room, has been silently weaponized by Russian military intelligence to spy on government officials, military personnel, and critical infrastructure operators across America.
Quick Take
- Russian GRU military intelligence compromised thousands of TP-Link routers across at least 23 U.S. states using known vulnerabilities to conduct DNS hijacking operations targeting government, military, and critical infrastructure sectors.
- The FBI conducted a court-authorized disruption operation that reset DNS settings on compromised routers, preventing further GRU access while preserving normal functionality and user privacy.
- Immediate actions for all router owners include replacing end-of-life devices, updating firmware, changing default credentials, disabling remote management, and verifying the authenticity of DNS resolvers.
- This operation represents a rare public victory in cyber defense, though experts warn that consumer compliance remains around 40 percent, leaving millions vulnerable to similar attacks.
The Hidden Threat in Your Home Network
Russian military intelligence operatives systematically exploited known vulnerabilities in consumer routers to establish persistent footholds inside American networks.
Since at least 2024, the GRU’s Military Unit 26165, also known as APT28 or Fancy Bear, has stolen credentials for thousands of TP-Link routers worldwide.
Once inside, they manipulated router settings to redirect DNS requests to GRU-controlled servers, allowing them to harvest unencrypted passwords, authentication tokens, emails, and sensitive information from every device connected to those networks.
FBI offers urgent guidance on securing home routers after disrupting Russian intelligence hacking network https://t.co/1UuQ6CciVA
— FOX Business (@FoxBusiness) April 15, 2026
Operation Disruption: A Court-Authorized Takedown
The FBI and Justice Department announced a court-authorized technical operation to neutralize the U.S. portion of this compromised router network.
FBI personnel developed a series of commands to send directly to affected routers, collecting evidence of GRU activity, resetting DNS settings, and preventing future unauthorized access.
The FBI extensively tested these commands on TP-Link firmware and hardware to ensure they would not disrupt normal router functionality or collect legitimate user content. The result: a surgical strike against Russian espionage infrastructure operating inside American homes.
Brett Leatherman, assistant director of the FBI’s Cyber Division, emphasized the scale of the threat: unsuspecting Americans in at least 23 states owned routers that were exploited by Russian military intelligence.
The FBI, working with the NSA and international partners from 15 countries, released a comprehensive Public Service Announcement with technical information and defensive guidance. This multi-national coordination represents a rare display of unified cyber defense against a nation-state actor.
What You Must Do Now
The FBI and NSA issued specific, actionable remediation steps that every router owner should implement immediately. Replace end-of-life and end-of-support routers; outdated devices cannot receive security patches and remain permanently vulnerable.
Upgrade to the latest available firmware by visiting your router manufacturer’s official website. Change default usernames and passwords, as these are the first credentials attackers try. Disable remote management interfaces exposed to the internet to prevent unauthorized access from outside your home network.
Verify the authenticity of DNS resolvers listed in your router settings, ensuring they match your Internet Service Provider’s legitimate servers rather than GRU-controlled addresses.
Review and implement firewall settings to prevent unwanted exposure of remote management systems. These steps sound technical, but they are the difference between a secure home network and one that becomes a staging ground for espionage against your government and fellow citizens.
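One way to run the resolver check from a Linux machine on the network, as an added example that is not part of the FBI/NSA guidance or the original article: it parses resolv.conf-style text and labels each nameserver against an allowlist. The allowlist and the sample file are constructed from documentation-range addresses; substitute the resolvers your ISP publishes.

```python
import ipaddress
import sys

# Assumption: replace with the resolvers your ISP publishes (or the public
# resolver you chose). These are constructed documentation-range addresses.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Private and link-local ranges: a nameserver here is normally the router itself.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

# Constructed sample input (not captured from any real device).
SAMPLE = """\
; constructed example
nameserver 192.0.2.53
nameserver 192.168.0.1
nameserver 203.0.113.77
nameserver 127.0.0.53
"""

def parse_nameservers(text):
    """Return nameserver addresses from resolv.conf-style text, in file order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def classify(server, expected=EXPECTED_RESOLVERS):
    """Label one address: expected, local-stub, lan-forwarder, unexpected, invalid."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if str(ip) in expected:
        return "expected"
    if ip.is_loopback:
        return "local-stub"      # local caching stub; check its upstream too
    if any(ip in net for net in LAN_NETS):
        return "lan-forwarder"   # router answers; verify DNS on its admin page
    return "unexpected"          # public address not on the allowlist

def audit(text, expected=EXPECTED_RESOLVERS):
    """Return [(address, verdict), ...] for every nameserver line in text."""
    return [(s, classify(s, expected)) for s in parse_nameservers(text)]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for addr, verdict in audit(text):
        print(f"{addr:40} {verdict}")
```

A `lan-forwarder` verdict means the device only sees the router, so the resolvers that matter are the ones configured on the router's own WAN or DHCP settings page.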
The Compliance Challenge Ahead
Despite the FBI’s urgent warnings and the scale of this operation, consumer compliance remains troublingly low at approximately 40%.
Millions of Americans continue using vulnerable routers, unaware that their home networks serve as intelligence-gathering platforms for a foreign military power.
The FBI is working with Internet Service Providers to provide notice of the operation to affected users, but awareness alone does not guarantee action. Many people simply do not prioritize router security until a breach directly impacts them.
The court-authorized remediation steps applied by the FBI can be reversed by legitimate users at any time through factory resets using hardware reset buttons or by logging in to web management pages and restoring the desired settings.
This flexibility ensures that the FBI’s intervention respects user autonomy while eliminating the GRU’s immediate access. However, users must take the next step independently by implementing the recommended security measures to prevent re-compromise.
A Rare Victory in Cyber Defense
This operation marks a significant achievement in American cyber defense. The FBI disrupted a sophisticated Russian military intelligence network operating across multiple countries, collected evidence of GRU activities, and provided the public with concrete guidance to protect themselves.
Unlike many cyber incidents that remain invisible to ordinary Americans, this takedown was announced publicly, demonstrating both capability and resolve.
The operation involved extensive international cooperation, legal authorization, and technical precision, setting a template for future disruptions to nation-state cyber operations targeting consumer infrastructure.