- The FBI has remotely reset thousands of routers
- The Russian GRU had compromised end-of-life devices
- Routers that have been reset should be replaced and network settings should be checked
The FBI has remotely reset thousands of home and small office routers after issuing a joint press release detailing how Russia compromised the devices.
Some brands of routers are known to last up to a decade. That’s great for the consumer, but developers will often stop releasing the updates that keep the router secure.
This leaves them open to compromise by attackers, specifically Russia’s General Directorate of the General Staff (GRU), tracked as APT28 or Fancy Bear, which has been snooping on unsecured routers since at least 2024, the FBI said.
Time to replace your router
If your device is included in the list of compromised devices (listed below) and you have found that it has been reset, the FBI and NSA recommend that you replace your router as soon as possible.
The GRU can prowl unsecured routers to intercept sensitive Internet traffic, including credentials and authentication tokens that can be used to compromise personal and work accounts. The GRU has particularly targeted routers belonging to workers in the military, government and critical infrastructure industries.
“The FBI, NSA, and co-sealing agencies encourage SOHO router users to change default usernames and passwords, disable remote management interfaces from the Internet, update to the latest firmware versions, and upgrade end-of-support devices. Users should also carefully consider certificate warnings in web browsers and email clients,” the NSA said.
In addition, the FBI and NSA recommended that employees use a VPN when accessing sensitive information. Those who suspect they may have been compromised by the GRU should contact their local FBI office and file a complaint with the Internet Crime Complaint Center (IC3).
A press release from the US Department of Justice detailed that the FBI had created a series of commands that, with court approval, it could send to compromised routers.
The commands were “designed to gather evidence regarding the activity of GRU actors, reset DNS settings (i.e., remove GRU DNS resolvers and force routers to obtain legitimate DNS resolvers from their Internet Service Providers (ISP)), and otherwise prevent GRU actors from exploiting the original means of unauthorized access.”
The Justice Department added that the operation did not interfere with the router’s normal functions, nor did it collect any legitimate user data.
The full list of targeted routers includes:
- TP-Link TL-WR841N
- TP-Link LTE Wireless N Router MR6400
- TP-Link Wireless Dual Band Gigabit Router Archer C5
- TP-Link Wireless Dual Band Gigabit Router Archer C7
- TP-Link Wireless Dual Band Gigabit Router WDR3600
- TP-Link Wireless Dual Band Gigabit Router WDR4300
- TP-Link Wireless Dual Band Router WDR3500
- TP-Link Wireless Lite N Router WR740N
- TP-Link Wireless Lite N Router WR740N/WR741ND
- TP-Link Wireless Lite N Router WR749N
- TP-Link Wireless N 3G/4G Router MR3420
- TP-Link Wireless N Access Point WA801ND
- TP-Link Wireless N Access Point WA901ND
- TP-Link Wireless N Gigabit Router WR1043ND
- TP-Link Wireless N Gigabit Router WR1045ND
- TP-Link Wireless N Router WR840N
- TP-Link Wireless N Router WR841HP
- TP-Link Wireless N Router WR841N
- TP-Link Wireless N Router WR841N/WR841ND
- TP-Link Wireless N Router WR842N
- TP-Link Wireless N Router WR842ND
- TP-Link Wireless N Router WR845N
- TP-Link Wireless N Router WR941ND
- TP-Link Wireless N Router WR945N
The Department of Justice included a list of remedies for all routers:
- Replace end-of-life and end-of-support routers;
- Upgrade to the latest firmware available;
- Verify the authenticity of DNS resolvers specified in the router settings; and
- Review and implement firewall rules to prevent unwanted exposure of remote management services.
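The DNS resolver check in the list above can be partly automated on a client machine. The following is an added example, not code from the DOJ, FBI, NSA or this article: it classifies the resolvers found in resolv.conf-style text against an allowlist. The sample addresses are constructed from documentation ranges, and the `ISP_RESOLVER_CIDRS` allowlist is an assumption you would fill in from your ISP's published resolver addresses.

```python
import ipaddress

# Networks meaning "resolver is on my own LAN or host" (RFC 1918, loopback, link-local, ULA).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver tokens from resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Drop '#' and ';' comments, whether full-line or trailing.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def classify_resolvers(servers, expected_cidrs):
    """Map each resolver to 'expected', 'local', 'unexpected' or 'invalid'."""
    expected = [ipaddress.ip_network(c) for c in expected_cidrs]
    result = {}
    for token in servers:
        try:
            addr = ipaddress.ip_address(token.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            result[token] = "invalid"
            continue
        if any(addr in net for net in expected):
            result[token] = "expected"
        elif any(addr in net for net in LOCAL_NETS):
            # The client forwards to the router; the router's own upstream DNS
            # setting still has to be checked in its admin interface.
            result[token] = "local"
        else:
            result[token] = "unexpected"
    return result


# Constructed sample: documentation-range addresses stand in for real resolvers.
SAMPLE_RESOLV_CONF = """\
# written by DHCP client
nameserver 192.168.0.1
nameserver 198.51.100.53   # ISP resolver (assumed)
nameserver 203.0.113.66
nameserver fe80::1%eth0
nameserver not-an-ip
"""
ISP_RESOLVER_CIDRS = ["198.51.100.0/24"]  # assumption: from the ISP's documentation
```

A `local` verdict only shows that the client asks the router; the upstream resolvers configured on the router itself must be compared against the same allowlist.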
“Operation Masquerade – led by FBI Boston – is the latest example of how we are defending our homeland from Russia’s GRU, which weaponized routers owned by unsuspecting Americans in more than 23 states to steal sensitive government, military and critical infrastructure information,” said Special Agent Ted E. Docks of the FBI’s Boston Field Office.
“The FBI used cutting-edge technology and leveraged our private sector and international partners to uncover this malicious activity and remediate routers. Now we’re asking everyone who has a router to secure it, update its firmware and replace it if necessary. By working together, we can protect ourselves from malicious nation-state actors trying to compromise our national security.”