FBI Dismantles GRU-Linked Router Spy Network Targeting Western Governments

The takedown highlights how outdated home routers let state hackers spy by rerouting traffic.

Overview

  • The FBI disclosed on Wednesday that it had dismantled Operation Masquerade, and said a GRU unit hijacked thousands of home and small-office routers to collect intelligence.
  • Agents cut the attackers off by isolating infected devices, restoring settings, and blocking command servers in a court-authorized action led with the Department of Justice.
  • The campaign used weak router setups to redirect web requests through attacker-controlled servers, which let operators read unencrypted data and steal login credentials without tipping off users.
  • Microsoft and Lumen reported roughly 200 organizations and about 5,000 devices affected across multiple countries, with U.S. infections spanning at least 23 states and a focus on government and military targets in the West.
  • Officials warn the risk persists and urge users to update firmware, change default passwords, turn off remote management, and factory reset if compromise is suspected, since routers at the network edge can quietly expose everything that passes through them.