FBI Disrupts Russian Hackers Using Home Routers in U.S.

PHILADELPHIA, PA — Federal authorities have disabled part of a Russian cyber-espionage network that used compromised home and small business internet routers across the United States to steal sensitive data, officials said.

What This Means for You

  • Hackers used common home routers to spy on internet activity and steal data
  • The FBI remotely fixed affected devices without disrupting normal use
  • Users are urged to update, secure, or replace outdated routers immediately

The operation, authorized by a federal court, targeted routers infected by a unit of Russia’s military intelligence agency, known as GRU Unit 26165. The group, also referred to as Fancy Bear and other aliases, used the devices to carry out global cyberattacks, including targeting individuals in government, military, and critical infrastructure sectors.

How the Attack Worked

Investigators said the hackers exploited known security flaws in widely used TP-Link routers to gain access without permission.

Once inside, they altered the routers’ Domain Name System settings — the system that directs internet traffic to the correct websites — to reroute users to malicious servers controlled by the attackers.

This allowed the hackers to conduct what officials describe as “actor-in-the-middle” attacks, where they secretly intercept and manipulate internet traffic. By doing so, they were able to collect passwords, authentication tokens, emails, and other sensitive information from users connected to those networks.

Authorities said the attackers initially targeted devices broadly, then filtered traffic to focus on higher-value intelligence targets.

Federal Response

The FBI carried out what officials described as a “technical operation” to disrupt the scheme inside the United States.

According to court filings, agents sent commands to infected routers that removed the malicious settings, restored legitimate internet routing, and blocked the hackers from regaining access.

Officials said the operation did not collect personal user content and did not interfere with normal router functions.

“Russian military intelligence once again hijacked Americans’ hardware to commandeer critical data,” U.S. Attorney David Metcalf said. “We are committed to disrupting and exposing such threats to our nation’s cybersecurity.”

Assistant Attorney General John A. Eisenberg said the activity represents an ongoing threat, adding that the Justice Department will continue efforts to “expel hostile foreign actors from our Nation’s networks.”

Scope of the Threat

Officials said routers in more than 23 states were used in the operation, with victims including individuals and organizations tied to government, defense, and infrastructure.

The campaign has been active since at least 2024 and relied on widely available vulnerabilities rather than highly specialized tools, making large numbers of devices susceptible.

FBI officials said the attackers used automated systems to identify valuable data streams after gaining access.

What Users Should Do

Authorities are urging anyone with a home or small office router to take immediate steps to secure their devices.

Recommended actions include:

  • Replacing outdated routers that no longer receive security updates
  • Installing the latest firmware updates from the manufacturer
  • Checking router settings to ensure internet traffic is being routed through legitimate servers
  • Disabling remote access features unless absolutely necessary
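
One way to carry out the DNS check from a computer on the network is shown below. This is an added example, not code from the FBI or the Justice Department; the allowlist, the function names and the sample input are assumptions made for illustration.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to use. These are
# well-known public resolver addresses; substitute your ISP's own.
EXPECTED_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# LAN-side ranges: an address here means the router itself answers DNS.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fe80::/10", "fc00::/7", "::1/128")]

# Constructed sample in resolv.conf format; not taken from the article.
SAMPLE_RESOLV_CONF = """\
; constructed sample
nameserver 192.168.0.1
nameserver 203.0.113.53  # documentation-range address, stands in for an unknown server
nameserver 1.1.1.1
nameserver fe80::1%eth0
search lan
"""

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0]  # strip comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def audit_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Label each resolver: expected, local-forwarder, unexpected or invalid."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = {}
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            findings[s] = "invalid"
            continue
        if ip in expected_ips:
            findings[s] = "expected"
        elif any(ip in net for net in LOCAL_NETS):
            findings[s] = "local-forwarder"  # upstream must be checked on the router
        else:
            findings[s] = "unexpected"       # investigate before trusting
    return findings

if __name__ == "__main__":
    for addr, verdict in audit_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF)).items():
        print(f"{addr:15} {verdict}")
```

On a real host, pass in the contents of `/etc/resolv.conf`. A `local-forwarder` result means the router is relaying DNS, so the upstream servers it uses have to be read from the router's own settings page.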

“By working together, we can guard against nefarious nation state actors trying to compromise our national security,” said Ted E. Docks, special agent in charge of the FBI’s Boston Field Office.

Users who believe their devices may be compromised are encouraged to contact their local FBI office or file a report through the Internet Crime Complaint Center at https://www.ic3.gov/.

Additional guidance on securing affected devices is available at:
https://www.tp-link.com/us/support/dl/
https://www.tp-link.com/us/support/faq/3562/
https://www.ic3.gov/PSA/2026/PSA260407

The disruption effort was led by the FBI’s Boston and Philadelphia field offices, along with federal prosecutors in the Eastern District of Pennsylvania and the Justice Department’s National Security Division, with support from private-sector cybersecurity partners.
