- The FBI has remotely rebooted thousands of routers
- The Russian GRU had compromised devices at the end of their useful life
- Routers that have been rebooted should be replaced and network settings checked.
The FBI has remotely rebooted thousands of home and small office routers after publishing a joint press release detailing how Russia has been compromising the devices.
Some router brands are known for lasting more than a decade, and while that’s great for the consumer, developers often stop releasing the updates that keep the router safe.
This leaves them open to being compromised by attackers, specifically the Main Directorate of the Russian General Staff (GRU), tracked as APT28 or Fancy Bear, which has been spying on unsecured routers since at least 2024, the FBI said.
It’s time to replace your router
If your device is on the list of compromised devices below and you discover that it has been reset, the FBI and NSA recommend that you replace your router as soon as possible.
The GRU could be spying on unsecured routers to intercept sensitive Internet traffic, including credentials and authentication tokens that can be used to compromise personal and work accounts. In particular, the GRU has been targeting routers belonging to workers in the military, government, and critical infrastructure industries.
“The FBI, NSA, and joint seal agencies encourage SOHO router users to change default usernames and passwords, disable remote management interfaces from the Internet, upgrade to the latest firmware versions, and upgrade end-of-support devices. Users should also carefully consider certificate warnings in web browsers and email clients,” the NSA said.
Additionally, the FBI and NSA recommended that employees use a VPN when accessing sensitive information. Those who suspect they may have been compromised by the GRU should contact their local FBI office and file a complaint with the Internet Crime Complaint Center (IC3).
A press release published by the United States Department of Justice detailed that the FBI had created a series of commands that, with judicial authorization, it could send to compromised routers.
The commands were “designed to gather evidence about the activity of GRU actors, reset DNS settings (i.e., remove GRU DNS resolvers and force routers to obtain legitimate DNS resolvers from their Internet Service Providers (ISPs)), and otherwise prevent GRU actors from exploiting the original means of unauthorized access.”
The Justice Department added that the operation did not interfere with the router’s normal functions or collect legitimate user data.
The full list of specific routers includes:
- TP-Link TL-WR841N
- TP-Link MR6400 Wireless N LTE Router
- TP-Link Archer C5 Dual Band Wireless Gigabit Router
- TP-Link Archer C7 Dual Band Wireless Gigabit Router
- TP-Link WDR3600 Dual Band Wireless Gigabit Router
- TP-Link WDR4300 Dual Band Wireless Gigabit Router
- TP-Link WDR3500 Dual Band Wireless Router
- TP-Link WR740N Lite N Wireless Router
- TP-Link WR740N/WR741ND Lite N Wireless Router
- TP-Link WR749N Lite N Wireless Router
- TP-Link MR3420 Wireless N 3G/4G Router
- TP-Link WA801ND Wireless N Access Point
- TP-Link WA901ND Wireless N Access Point
- TP-Link WR1043ND Wireless N Gigabit Router
- TP-Link WR1045ND Wireless N Gigabit Router
- TP-Link WR840N Wireless N Router
- TP-Link WR841HP Wireless N Router
- TP-Link WR841N Wireless N Router
- TP-Link WR841N/WR841ND Wireless N Router
- TP-Link WR842N Wireless N Router
- TP-Link WR842ND Wireless N Router
- TP-Link WR845N Wireless N Router
- TP-Link WR941ND Wireless N Router
- TP-Link WR945N Wireless N Router
The Department of Justice included a list of remediation steps that apply to all routers:
- Replace routers at end of life and end of support;
- Update to the latest available firmware;
- Check the authenticity of the DNS resolvers listed in the router settings; and
- Review and implement firewall rules to prevent unwanted exposure of remote management services.
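The DNS-resolver check from the list above can start on any computer behind the router. The following is an added example, not code from the Justice Department, the FBI or this article: it assumes Linux-style `resolv.conf` text, and the function names, the sample addresses and `EXPECTED_ISP_NETS` are placeholders to replace with your ISP's published resolver ranges.

```python
import ipaddress

# Ranges that mean "a box on my own LAN", which is usually the router itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_nameservers(text):
    """Return resolver addresses from resolv.conf-style text (IPv6 zone ids dropped)."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            found.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue  # malformed address: skip it instead of crashing
    return found

def audit_resolvers(text, expected_nets):
    """Map each resolver to 'expected', 'local' or 'unexpected'."""
    expected = [ipaddress.ip_network(n) for n in expected_nets]
    report = {}
    for addr in parse_nameservers(text):
        if any(addr in net for net in expected):
            verdict = "expected"
        elif any(addr in net for net in LOCAL_NETS):
            # Client forwards to the router: check the router's own DNS settings.
            verdict = "local"
        else:
            verdict = "unexpected"  # public resolver nobody here chose
        report[str(addr)] = verdict
    return report

# Constructed sample using documentation-range addresses, not real resolvers.
SAMPLE = """\
nameserver 192.168.0.1
nameserver 198.51.100.53
nameserver 203.0.113.66
nameserver fe80::1%eth0
nameserver not-an-ip
search lan
"""
EXPECTED_ISP_NETS = ["198.51.100.0/24"]  # assumption: your ISP's resolver range

if __name__ == "__main__":
    for ip, verdict in audit_resolvers(SAMPLE, EXPECTED_ISP_NETS).items():
        print(f"{ip:<16} {verdict}")
```

A `local` verdict is not a clean bill of health: it only means the computer hands its queries to the router, so the resolvers that matter are the ones shown on the router's own settings page.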
“Operation Masquerade, led by FBI Boston, is the latest example of how we are defending our homeland from Russia’s GRU, which has weaponized routers owned by unsuspecting Americans in more than 23 states to steal sensitive government, military and critical infrastructure information,” said Special Agent in Charge Ted E. Docks of the FBI’s Boston Field Office.
“The FBI used cutting-edge technology and leveraged our private sector and international partners to unmask this malicious activity and repair routers. We are now asking everyone who has a router to secure it, update its firmware, and replace it if necessary. By working together, we can protect ourselves against nefarious nation-state actors attempting to compromise our national security.”