Overview
- The FBI and NSA say Russia’s APT28, a GRU hacking unit, has been taking over home and small-office routers by changing their DNS settings to divert users to fake login pages and steal passwords.
- U.S. officials report they disrupted a network of compromised SOHO routers that the GRU used for malicious DNS hijacking operations against global targets.
- The FBI says the attackers have harvested passwords, authentication tokens, and sensitive data such as emails and web browsing information that would normally be protected by SSL/TLS encryption.
- NSA guidance urges immediate “router hygiene” that includes updating firmware, changing default admin credentials, turning off or locking down remote management, replacing unsupported devices, and restarting routers weekly to clear nonpersistent malware.
- TP-Link acknowledged many affected models tied to CVE-2023-50224 are end-of-life with no security patches, leaving owners vulnerable and likely pushing hardware replacements as regulators scrutinize foreign-made routers.
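The hijack summarized above works by rewriting the resolvers a router hands out and then answering queries for chosen names with an attacker-controlled address. The following script is an added example, not code from the FBI/NSA guidance or from any vendor, showing the two checks a defender can run to spot that condition: the router's configured resolvers are compared against an allow list, and the A records the router's resolver returns for a handful of sentinel names are compared against answers obtained from a trusted resolver out of band. The allow-list addresses, the resolv.conf-style export, and the DNS answers are all constructed sample data in documentation address ranges; nothing is queried live.

```python
"""Detect symptoms of a SOHO-router DNS hijack:
1. upstream resolvers that are not on the operator's allow list, and
2. sentinel names whose router-supplied answer shares no address with
   the answer from a trusted resolver.
All data below is constructed for the example; no network access is made."""
import ipaddress
import re

# Assumption: resolvers the operator considers legitimate for this network
# (ISP resolvers or chosen public resolvers). Placeholder values. If the
# config being checked is a client's resolv.conf rather than the router's
# WAN settings, add the router's own LAN address here as well.
TRUSTED_RESOLVERS = {"203.0.113.53", "203.0.113.54", "9.9.9.9", "1.1.1.1"}

# Constructed router DNS export in a resolv.conf-like layout. The second
# nameserver is the kind of silent change the advisory describes.
ROUTER_DNS_CONFIG = """\
# upstream DNS (WAN)
nameserver 203.0.113.53
nameserver 198.51.100.77   ; not one of ours
search home.lan
"""

# Constructed A-record answers: what the router's resolver returned versus
# what a trusted resolver returned for the same names. The trusted set must
# come from a path the router cannot tamper with (DoH/DoT to a pinned
# resolver, or a different network), otherwise the comparison proves nothing.
ROUTER_ANSWERS = {
    "mail.example.com": {"198.51.100.200"},            # diverted
    "www.example.com": {"192.0.2.10", "192.0.2.11"},   # unchanged
}
TRUSTED_ANSWERS = {
    "mail.example.com": {"192.0.2.25"},
    "www.example.com": {"192.0.2.11", "192.0.2.10"},
}

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)")


def parse_nameservers(config_text):
    """Return resolver addresses from a resolv.conf-style text, skipping
    comments, other directives and anything that is not a valid IP."""
    servers = []
    for line in config_text.splitlines():
        m = NAMESERVER_RE.match(line)
        if not m:
            continue
        try:
            servers.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            continue  # malformed entry; not an IP we can assess
    return servers


def untrusted_resolvers(config_text, trusted=TRUSTED_RESOLVERS):
    """Resolvers present in the config but absent from the allow list."""
    return [s for s in parse_nameservers(config_text) if s not in trusted]


def diverted_domains(router_answers, trusted_answers):
    """Sentinel names whose router-supplied answer is disjoint from the
    trusted answer. Intersection is used rather than equality because CDNs
    legitimately rotate among several addresses; a completely disjoint
    answer is the hijack signal. A name the router did not answer at all
    is also reported, since suppression is another form of tampering."""
    diverted = []
    for name, trusted in trusted_answers.items():
        observed = router_answers.get(name, set())
        if not observed & trusted:
            diverted.append(name)
    return sorted(diverted)


def report(config_text=ROUTER_DNS_CONFIG, router_answers=ROUTER_ANSWERS,
           trusted_answers=TRUSTED_ANSWERS):
    """Combine both checks into one findings dict for logging or alerting."""
    return {
        "untrusted_resolvers": untrusted_resolvers(config_text),
        "diverted_domains": diverted_domains(router_answers, trusted_answers),
    }


if __name__ == "__main__":
    findings = report()
    for key, value in findings.items():
        status = "ALERT" if value else "ok"
        print(f"{key}: {status} {value}")
```

Run on a real device, the resolver list would come from the router's admin export or from `resolvectl`/`/etc/resolv.conf` on a LAN client, and the two answer sets from a query through the router and a second query over DoH/DoT to a pinned resolver. Because the advisory notes the implant is nonpersistent, a clean result after a reboot does not mean the device was clean before it; the value of this check is in running it on a schedule and alerting on the transition.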