The FBI just remotely reset thousands of home and small office routers and your TP-Link could be on the hitlist
Date:
Wed, 13 May 2026 15:05:00 +0000
Description:
The FBI obtained court authorization to reset thousands of routers remotely, so they could kick lurking Russian hackers out of compromised networks
FULL STORY
Routers that have been reset should be replaced, and network settings checked
The FBI have remotely reset thousands of home and small office routers after releasing a joint press release detailing how Russia has been compromising devices.
Some brands of routers are known for lasting upwards of a decade, and while that's great for the consumer, the developers will often stop releasing updates to keep the router secure. This leaves them open to compromise by attackers, specifically Russia's Main Directorate of the General Staff (GRU), tracked as APT28 or Fancy Bear, which has been snooping on unsecured routers since at least 2024, the FBI said.
Time to replace your router
If your device is included in the list of compromised devices (listed below), and you have found that it has been reset, the FBI and NSA recommend that you replace your router as soon as possible.
The GRU could be snooping on unsecured routers to intercept sensitive internet traffic, including credentials and authentication tokens that can be used to compromise personal and work accounts. In particular, GRU has been targeting routers belonging to workers in the military, government, and critical infrastructure industries.
The FBI, NSA, and co-sealing agencies encourage SOHO router users to change default usernames and passwords, disable remote management interfaces from the Internet, update to latest firmware versions, and upgrade end-of-support devices. Users should also carefully consider certificate warnings in web browsers and email clients, the NSA said.
Additionally, the FBI and NSA recommended that employees use a VPN when accessing sensitive information. Those that suspect they may have been compromised by the GRU should contact their local FBI field office and file a complaint with the Internet Crime Complaint Center (IC3).
A press release published by the US Justice Department detailed that the FBI had created a series of commands that, with court authorization, it could send to compromised routers.
The commands were designed to collect evidence regarding the GRU actors' activity, reset DNS settings (i.e., remove GRU DNS resolvers and force routers to obtain legitimate DNS resolvers from their Internet Service Providers (ISP)), and to otherwise prevent the GRU actors from exploiting the original means of unauthorized access.
The Justice Department added that the operation did not interfere with the normal functions of the router, nor did it collect any legitimate user data.
The full list of targeted routers includes:

  TP-Link TL-WR841N
  TP-Link LTE Wireless N Router MR6400
  TP-Link Wireless Dual Band Gigabit Router Archer C5
  TP-Link Wireless Dual Band Gigabit Router Archer C7
  TP-Link Wireless Dual Band Gigabit Router WDR3600
  TP-Link Wireless Dual Band Gigabit Router WDR4300
  TP-Link Wireless Dual Band Router WDR3500
  TP-Link Wireless Lite N Router WR740N
  TP-Link Wireless Lite N Router WR740N/WR741ND
  TP-Link Wireless Lite N Router WR749N
  TP-Link Wireless N 3G/4G Router MR3420
  TP-Link Wireless N Access Point WA801ND
  TP-Link Wireless N Access Point WA901ND
  TP-Link Wireless N Gigabit Router WR1043ND
  TP-Link Wireless N Gigabit Router WR1045ND
  TP-Link Wireless N Router WR840N
  TP-Link Wireless N Router WR841HP
  TP-Link Wireless N Router WR841N
  TP-Link Wireless N Router WR841N/WR841ND
  TP-Link Wireless N Router WR842N
  TP-Link Wireless N Router WR842ND
  TP-Link Wireless N Router WR845N
  TP-Link Wireless N Router WR941ND
  TP-Link Wireless N Router WR945N
The Justice Department included a list of remediations for all routers: Replace End-of-Life and End-of-Support routers; Upgrade to the latest available firmware; Verify the authenticity of DNS resolvers listed in router settings; and Review and implement firewall rules to prevent the unwanted exposure of remote management services.
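One way to act on the "verify the authenticity of DNS resolvers" remediation from a client on the network, as an added example that is not from the Justice Department, FBI or NSA material: it classifies the resolvers a machine received (resolv.conf-style text) against an allowlist. The allowlist contents, function names and both sample inputs are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: resolvers you expect to see. Add the addresses your ISP
# documents; the entries below are well-known public resolvers.
TRUSTED = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9",
    "2606:4700:4700::1111",
)}
# Ranges that mean "a device on my own LAN", usually the router itself.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10",
)]

def parse_nameservers(text):
    """Return nameserver values from resolv.conf-style text, in file order."""
    servers = []
    for line in text.splitlines():
        fields = line.strip().split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def classify(address, trusted=TRUSTED):
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "local-stub"     # local caching stub; check its upstream servers
    if any(ip in net for net in LAN_NETS):
        return "lan-forwarder"  # router answers; check the router's own DNS page
    return "trusted" if ip in trusted else "unexpected"

def audit(text):
    return [(a, classify(a)) for a in parse_nameservers(text)]

def needs_attention(text):
    return [a for a, v in audit(text) if v in ("unexpected", "invalid")]

# Constructed samples; 203.0.113.53 is a documentation address, not an indicator.
SAMPLE_CLEAN = "# constructed\nnameserver 192.168.0.1\nnameserver 1.1.1.1\n"
SAMPLE_TAMPERED = ("; constructed\nsearch home.example\nnameserver 203.0.113.53\n"
                   "nameserver fe80::1%eth0\nnameserver 8.8.8.8\nnameserver not-an-ip\n")

if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(name, audit(sample), "review:", needs_attention(sample))
```

A "lan-forwarder" result only shows that the client asks the router; the resolvers the router itself uses still have to be read from its WAN/DHCP settings page and checked the same way.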
"Operation Masquerade led by FBI Boston is the latest example of how we're defending our homeland from Russia's GRU which weaponized routers owned by unsuspecting Americans in more than 23 states to steal sensitive government, military, and critical infrastructure information," said Special Agent in Charge Ted E. Docks of the FBI's Boston Field Office.
"The FBI utilized cutting edge technology and leveraged our private sector and international partners to unmask this malicious activity and remediate routers. Now we're asking everyone who has a router to secure it, update its firmware, and replace it if needed. By working together, we can guard against nefarious nation state actors trying to compromise our national security."
Link to news story:
https://www.techradar.com/pro/security/the-fbi-just-remotely-reset-thousands-of-home-and-small-office-routers-and-your-tp-link-could-be-on-the-hitlist
--- MultiMail/DOS
* Origin: Capitol City Hub (1:2320/105)