FBI Warns About Foreign Hackers Targeting Routers
Foreign hackers are reportedly trying to take advantage of weaknesses in American Internet routers. In response, the FBI is sharing advice for safeguarding your home or office router following its recent operations to counteract Russian cyber threats.
Just last week, the FBI and the Justice Department revealed that they had carried out a court-approved operation aimed at disrupting a network of compromised small office/home office (SOHO) routers within the U.S. These routers were reportedly manipulated by the Russian military intelligence unit known as the GRU.
The GRU utilized these routers for harmful Domain Name System (DNS) hijacking attacks against various intelligence targets globally, which included personnel from military, governmental, and critical infrastructure sectors. They exploited known vulnerabilities to gain access to the credentials of numerous TP-Link routers, changing their settings to direct traffic to GRU servers.
According to Brett Leatherman, the deputy director of the FBI’s cyber division, the use of these routers had reached at least 23 states. This revelation prompted a decisive FBI initiative to cut off the GRU’s access to these hijacked devices in the country.
This operation sought to gather evidence while also resetting compromised router DNS settings to prevent redirection to GRU-controlled servers. In court documents, the government asserted that extensive testing of the operation ensured that, aside from blocking GRU access, regular router functionality remained unaffected and that no content information from authorized users was collected.
Public Awareness and Consumer Safety
As part of a broader campaign, the FBI, NSA, and 15 international partners released a public service announcement urging individuals to take measures for their cyber safety. They noted that restarting a router can help mitigate some risks, although it’s not a comprehensive solution.
Users are encouraged to replace outdated routers, install the latest firmware, verify DNS resolvers, and adjust firewall settings to curb unnecessary exposure. Moreover, visiting the official TP-Link website for proper configuration guidance is recommended.
Leatherman emphasized the importance of being proactive: all owners of SOHO routers should replace any end-of-life devices, update firmware, change default login credentials, disable remote management from the internet, and stay alert for certificate warnings in their browsers.
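The "verify DNS resolvers" step above, sketched as an added example (it is not from the FBI announcement or this article): it reads resolv.conf-style text on a LAN client and labels each resolver against a list the owner chose. The sample text, the EXPECTED list and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of resolv.conf-style text on a LAN client. 203.0.113.53
# is a documentation address standing in for a resolver nobody configured.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search lan
nameserver 192.168.0.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
nameserver 9.9.9.9
nameserver not-an-address
"""

# Assumption: the resolvers the owner deliberately chose.
EXPECTED = {ipaddress.ip_address(a) for a in ("9.9.9.9", "149.112.112.112")}

# Explicit LAN ranges; is_private is avoided as it also covers documentation ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Return valid nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            # Drop any IPv6 zone id ("%eth0") before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue  # malformed entry
    return servers

def classify(addr, expected=EXPECTED):
    """Label one resolver: expected, local-stub, lan-forwarder or unexpected."""
    if addr in expected:
        return "expected"
    if addr.is_loopback:
        return "local-stub"     # caching stub on this host
    if any(addr in net for net in LAN_NETS):
        return "lan-forwarder"  # usually the router: check its own DNS settings
    return "unexpected"         # public resolver that is not on the owner's list

def audit(text, expected=EXPECTED):
    """Return [(address, verdict), ...] for every resolver in the text."""
    return [(str(a), classify(a, expected)) for a in parse_nameservers(text)]
```

A "lan-forwarder" verdict only shows that the client points at the router; the resolver the router itself uses still has to be read from the router's administration page. An "unexpected" verdict is the one to investigate first.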





