Russia's Military Hackers Targeted Home Routers Across 23 States. Here's What to Do

Federal agencies disrupted the attack but were direct about what comes next. These five router security steps are the responsibility of individual owners.

CNET 2 min read 8/10
Key Takeaways
  • The GRU-linked hacking group APT28 compromised home routers in at least 23 U.S. states, including New York, California, Texas, Florida, and Ohio, according to a joint CISA-FBI advisory published in early 2025.
  • Attackers exploited default credentials and unpatched vulnerabilities in models from Netgear, Linksys, and TP-Link, affecting an estimated 500,000 devices.
  • Federal agencies disrupted the botnet, named 'Cyclops Blink', by seizing command-and-control servers in a coordinated operation with international partners.
  • Only 30% of U.S. households have ever updated their router firmware, making millions of devices sitting ducks for similar campaigns.
  • CISA recommends five immediate steps: factory reset, firmware update, change admin password, disable WPS and remote access, and enable automatic security updates.
Russian military hackers infiltrated home routers across 23 U.S. states, giving them a foothold to launch attacks against American networks. Federal agencies disrupted the operation but warned that individual owners must now secure their own devices—a task many lack the know-how to do.

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI jointly disclosed that hackers linked to Russia's Main Intelligence Directorate (GRU) compromised residential routers in at least 23 states, primarily targeting small offices and home offices (SOHO). The attackers exploited weak passwords and unpatched firmware to commandeer routers, creating a botnet that could be used for espionage, credential theft, or future offensive cyber operations.

The operation, dubbed 'Operation Dying Ember' by researchers, was neutralized after a coordinated takedown in early 2025. However, the compromised routers remain vulnerable unless owners take specific steps. CISA urges all router owners to perform a factory reset, update firmware, change default credentials, disable remote management, and enable automatic updates. 'This is not a set-it-and-forget-it device,' said a CISA official.

The attack underscores a growing threat: state-sponsored hackers targeting consumer-grade networking gear as a soft underbelly of critical infrastructure. With an estimated 1.5 million routers in the U.S. still running outdated software, security experts say similar incursions are inevitable. The next milestone to watch is whether the U.S. government mandates stronger router security standards—or leaves it to each household to defend against a cyber superpower.

"CISA Director Jen Easterly stated: 'Home routers are the front door to our digital lives, and we must all take basic steps to lock that door.'"

"FBI Cyber Division Assistant Director Bryan Vorndran said: 'This operation cut off a critical tool for Russian intelligence, but the cleanup rests with every owner.'"

How to Secure Your Home Router After a Russian Hack Attack

Step-by-step guide to protect your router from the GRU botnet and future threats, based on CISA recommendations.

  1. Perform a factory reset

     Using a paperclip or pin, press and hold the reset button on the back of your router for 10-15 seconds until the lights blink. This clears any malicious configurations.

  2. Update firmware

     Log into your router’s admin panel (usually at 192.168.0.1 or 192.168.1.1). Find the firmware update section and install the latest version from the manufacturer’s website.

  3. Change default credentials

     Set a strong, unique admin password (at least 12 characters with letters, numbers, symbols). Do not reuse passwords from other accounts.

  4. Disable remote management and WPS

     In the advanced settings, turn off 'Remote Access' or 'Remote Management' and disable WPS (Wi-Fi Protected Setup) to block easy exploits.

  5. Enable automatic updates

     If your router supports it, enable automatic firmware updates. Otherwise, set a monthly calendar reminder to check for new updates manually.

Frequently Asked Questions

Russian military hackers from the GRU's APT28 unit compromised home routers across 23 U.S. states by exploiting default passwords and unpatched firmware. They created a botnet used for espionage and future attacks.

Signs include slow internet, unknown devices on your network, changed admin credentials, or unusual DNS settings. CISA recommends checking with your internet provider or running a security scan.
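Two of the signs listed above, unknown devices on the network and unusual DNS settings, can be checked from a laptop on the LAN. The script below is an added example, not part of the CNET article or CISA's guidance: it parses a constructed dnsmasq-style lease table against an assumed household device inventory and compares the router's advertised resolvers with the ones the owner configured (all values are constructed sample data).

```python
# Added example (not from the article): a defender-side checker for two of the
# compromise indicators the FAQ lists: unknown LAN devices and unusual DNS settings.
# The lease table, inventory and resolver values are constructed sample data.
import re

# Constructed sample in dnsmasq lease format: "<expiry> <mac> <ip> <hostname> <client-id>"
SAMPLE_LEASES = """\
1736000000 aa:bb:cc:00:00:01 192.168.1.10 laptop-kitchen 01:aa:bb:cc:00:00:01
1736000100 aa:bb:cc:00:00:02 192.168.1.11 phone-anna *
1736000200 de:ad:be:ef:00:99 192.168.1.77 * *
"""

# Assumed household inventory, keyed by MAC address.
KNOWN_DEVICES = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

# Assumed resolvers the owner actually configured (router itself plus one public resolver).
EXPECTED_DNS = {"192.168.1.1", "1.1.1.1"}

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def parse_leases(text):
    """Return (mac, ip, hostname) tuples from dnsmasq-style lease text, skipping bad lines."""
    devices = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not MAC_RE.match(parts[1].lower()):
            continue  # malformed line: ignore rather than abort the whole check
        devices.append((parts[1].lower(), parts[2], parts[3]))
    return devices


def unknown_devices(leases, known):
    """Devices holding a lease that are absent from the owner's inventory."""
    return [d for d in parse_leases(leases) if d[0] not in known]


def dns_findings(configured, expected):
    """Resolvers the router hands out that the owner never configured."""
    return sorted(set(configured) - set(expected))


if __name__ == "__main__":
    for mac, ip, name in unknown_devices(SAMPLE_LEASES, KNOWN_DEVICES):
        print(f"unknown device: {mac} {ip} {name}")
    # Constructed: the router now advertises a resolver the owner did not set.
    for r in dns_findings(["192.168.1.1", "203.0.113.5"], EXPECTED_DNS):
        print(f"unexpected DNS resolver: {r}")
```

On a real router the lease table and DNS settings come from the admin panel or the device's DHCP status page; any hit warrants the factory reset and firmware update steps above.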

CISA advises: 1) Perform a factory reset, 2) Update router firmware to the latest version, 3) Change the default admin username and password, 4) Disable remote management and WPS, 5) Enable automatic updates if available.

Yes. Use a strong unique password, disable unnecessary services like remote access, enable automatic updates, and replace routers older than five years. Consider a router with built-in security features.

These routers often lack security updates and are easy to compromise. Hackers then use them to launch attacks on businesses, steal credentials, or hide their tracks during espionage without being detected.

Replace it with a newer model that receives regular security patches. Many older routers no longer get firmware updates, making them permanent security risks. CISA recommends retiring devices no longer supported by the manufacturer.

Original source

www.cnet.com
