Russia's Military Hackers Targeted Home Routers Across 23 States. Here's What to Do
Posted on 6/7/26 at 10:46 pm
LINK
For years, a unit of Russia's military intelligence agency quietly turned ordinary home routers into tools of espionage. The GRU group known as APT28, the same outfit behind the 2016 DNC hack and a string of attacks on NATO targets, exploited unpatched firmware and unchanged default passwords to compromise thousands of devices across 23 US states, redirecting internet traffic through servers under Russian control and harvesting credentials along the way. Federal agents disrupted the operation in April under a court order. What they couldn't do from a distance was fix the underlying vulnerabilities. That requires five steps from you.
The attack targeted small-office/home-office routers, also known as SOHO routers, and was carried out by a unit in the Russian military intelligence agency, the GRU. Government agencies are urging people to follow basic router hygiene steps, such as updating to the latest firmware and changing default login credentials. The UK's National Cyber Security Centre includes a number of TP-Link routers specifically targeted by the hackers.
While that news sounds pretty alarming, it's worth keeping in mind that the attack compromised enterprise routers specifically, so your home Wi-Fi router likely isn't at risk. That said, some of the affected routers can be used as standard home routers, so it's worth checking whether your model was exploited in the attack.
"There is a big trend of exploiting routers these days, and that goes both for the consumer and enterprise or corporate routers," Daniel Dos Santos, vice president of research at the cybersecurity company Forescout, told CNET.
What type of attack is this?
A news release from the NSA notes that the attack indiscriminately targeted a wide pool of routers, with the goal of gathering information on "military, government, and critical infrastructure."
This attack is linked to threat actors within the Russian GRU -- which go by APT28, Fancy Bear, Forest Blizzard and other names -- and has been ongoing since at least 2024, according to the FBI.
It's known as a Domain Name System hijacking operation, in which DNS requests are intercepted by changing the default network configurations on SOHO routers, allowing the actors to see a user's traffic unencrypted.
"For nation-state actors like Forest Blizzard, DNS hijacking enables persistent, passive visibility and reconnaissance at scale," says a Microsoft Threat Intelligence report on the attack.
Microsoft identified more than 200 organizations and 5,000 consumer devices impacted by the GRU's attack.
Posted on 6/7/26 at 10:51 pm to Eurocat
This is why I kept dial up
Posted on 6/7/26 at 10:54 pm to Eurocat
I lost part of my life reading that, I want it back, kit
Posted on 6/7/26 at 10:56 pm to Eurocat
Being in the cybersecurity field, state sponsored threat actors are not interested in Joe Blow's home office and personal laptop.
They are interested in your home office and personal laptop if you are a target of theirs (public figure, employee of an enterprise with escalated privileges, executives, etc).
98% of people on this site don't have to worry about being targeted lol
Posted on 6/7/26 at 11:05 pm to Eurocat
quote:
This attack is linked to threat actors within the Russian GRU -- which go by APT28, Fancy Bear, Forest Blizzard and other names
Wo... would one of their code names also happen to be... Dancing Bear?
For a friend.
Posted on 6/7/26 at 11:24 pm to Eurocat
When I see GRU I think of yellow Minions.
Posted on 6/7/26 at 11:32 pm to Eurocat
You better be careful posting stuff like that. The Putin brigade is all over this message board. They won’t accept this kind of talk.
Posted on 6/7/26 at 11:40 pm to Eurocat
quote:
23 States
That’s almost half.
Posted on 6/8/26 at 2:04 am to Eurocat
quote:
The GRU group known as APT28, the same outfit behind the 2016 DNC hack
Stopped reading here
Posted on 6/8/26 at 5:51 am to Eurocat
Sounds similar to the German hacker Cliff Stoll tracked down that was trying to use the Lawrence Berkeley National Laboratory network to access government systems.
Posted on 6/8/26 at 6:20 am to Roy Curado
quote:
98% of people on this site don't have to worry about being targeted lol
The Russians know about the state secrets disclosed on the mighty OT lounge.
Posted on 6/8/26 at 6:27 am to TaderSalad
The Russians know about the state secrets disclosed on the mighty OT lounge.
—-From now on, You don’t log into OT Lounge, OT Lounge logs into you.
Posted on 6/8/26 at 6:41 am to Eurocat
Well….that article was absolutely useless
Posted on 6/8/26 at 6:48 am to Eurocat
Liberal posters' obsession with Russia while China is 100x the threat never ceases to amaze
Incredible.
Posted on 6/8/26 at 6:49 am to texag7
You can be worried about both at the same time.
Posted on 6/8/26 at 6:53 am to Roy Curado
quote:
Being in the cybersecurity field, state sponsored threat actors are not interested in Joe Blow's home office and personal laptop.
The OP forgets that the reason Russia is bad is because of the USA/NATO expansion.
Posted on 6/8/26 at 6:55 am to Eurocat
quote:
follow basic router hygiene
They laughed at me when I washed my router in antibacterial soap.
Who's laughing now?
Posted on 6/8/26 at 6:55 am to thermal9221
Russia is bad because Russia is bad.