Fort Meade, April 7, 2026
The National Security Agency (NSA) and other agencies today co-sealed a Federal Bureau of Investigation (FBI) public service announcement, “Russian GRU Exploiting Vulnerable Routers to Steal Sensitive Information” to encourage further defensive actions.
The U.S. Department of Justice, FBI, and international law enforcement partners recently disrupted a GRU network of compromised small-office home-office (SOHO) routers used as part of malicious hijacking operations. All device owners and network defenders are encouraged to take action to remediate and reduce the attack surface of similar edge devices.
Russian GRU 85th Main Special Service Center (85th GTsSS) cyber actors — also known as APT28, Fancy Bear, and Forest Blizzard — have collected credentials and exploited vulnerable routers worldwide, including compromising TP-Link routers using CVE-2023-50224.The GRU has indiscriminately compromised a wide pool of US and global victims, especially targeting information related to military, government, and critical infrastructure.
The FBI, NSA, and co-sealing agencies encourage SOHO router users to change default usernames and passwords, disable remote management interfaces from the Internet, update to latest firmware versions, and upgrade end-of-support devices. Users should also carefully consider certificate warnings in web browsers and email clients.
Organizations that allow telework should review relevant policies regarding how employees access sensitive data — including the use of virtual private networks (VPNs) or hardened application configurations.
To learn about best practices for securing your home network, please read the published guidance below.
If you, or someone you know, suspects that you have been targeted or compromised by a Russian GRU cyber intrusion, NSA recommends reporting the activity to your local FBI field office, filing a complaint with the Internet Crime Complaint Center (IC3), or otherwise following your organization’s incident reporting requirements.
More information
Source – NSA
Click Here For The Original Source.
