FBI Disrupts Russian GRU Router Exploitation, Urges Public Security Measures

The FBI has successfully disrupted a Russian GRU operation that exploited vulnerabilities in U.S. internet routers for espionage. The agency is now urging consumers to take proactive steps to secure their home and office networks, including replacing outdated routers and updating firmware.

The Federal Bureau of Investigation (FBI) has recently taken action against a Russian intelligence unit for its exploitation of internet routers in the United States and globally. The GRU, Russia's Main Intelligence Directorate, had compromised a network of small office/home office (SOHO) routers to conduct malicious Domain Name System (DNS) hijacking operations. These operations targeted individuals and sectors of intelligence interest to the Russian government, including military personnel, government officials, and critical infrastructure.

The GRU leveraged known vulnerabilities to gain access to credentials for thousands of TP-Link routers, subsequently altering their settings to redirect internet traffic to GRU-controlled servers. This allowed them to facilitate espionage activities by intercepting or manipulating communications.

Assistant Director of the FBI's Cyber Division, Brett Leatherman, stated that Russian GRU cyber actors compromised vulnerable routers worldwide, hijacking them for espionage purposes. He confirmed that unsuspecting Americans across at least 23 states had their routers exploited by Russian military intelligence.

In response to the significant threat posed by this activity, the FBI, with court authorization, executed an operation to disrupt the GRU's access to compromised devices within the United States. This operation involved gathering evidence from the affected routers and resetting their DNS configurations to prevent them from connecting to the GRU's DNS resolvers.
The government asserts that this operation was rigorously tested on affected TP-Link router firmware and hardware and did not negatively impact the routers' normal functionality or access the private data of legitimate users, beyond blocking the GRU's malicious access.

Alongside this enforcement action, the FBI, in collaboration with the National Security Agency (NSA) and international partners from 15 countries, released a public service announcement. This announcement provides technical details and defensive guidance for users to secure their networks. While a simple router reboot can offer some protection against certain threats, it is insufficient to address this specific GRU exploitation.

The public service announcement strongly advises SOHO device users to replace routers that are at the end of their lifecycle or no longer supported by the manufacturer. Users are also urged to upgrade their router firmware to the latest available versions, verify the legitimacy of DNS resolvers configured in their router settings, and review and implement firewall settings to prevent unauthorized remote management access. Furthermore, it is recommended that users visit the official TP-Link website to consult documentation specific to their device and ensure proper configuration. Checking the end-of-life products list for routers is also crucial to determine if a replacement is necessary.

Leatherman emphasized the importance of changing default usernames and passwords, disabling remote management interfaces from the internet, and remaining vigilant for certificate warnings in web browsers and email clients. He concluded by stressing that defending our networks is a collective effort and urged all SOHO router owners to implement the recommended remediation steps.
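The announcement's advice to "verify the legitimacy of DNS resolvers configured in their router settings" is the one step above that can be checked mechanically from a client on the network. The following is an added example written for this article, not code from the FBI, NSA or TP-Link: it parses the resolvers a host has been handed (a constructed resolv.conf sample), classifies each one as an allow-listed resolver, a LAN-local forwarder (usually the router itself, whose own upstream setting must then be checked in its admin interface), or a public address you never chose, and separately compares answer sets obtained from the configured resolver and from a trusted one. The allow-list, the sample configuration, the sample answers and the IP ranges used as stand-ins are all assumptions made for the example.

```python
"""Audit the DNS resolvers a client is actually using against an allow-list.

Added example for this article, not from the FBI/NSA announcement or from
TP-Link. All addresses, the allow-list and the sample data are constructed;
RFC 5737 documentation ranges stand in for real ISP and rogue resolvers.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed allow-list: resolvers you expect (ISP-assigned, or a public
# resolver you deliberately configured). Replace with your own values.
EXPECTED_RESOLVERS = {
    "192.0.2.53",    # stand-in for the ISP's IPv4 resolver
    "2001:db8::53",  # stand-in for the ISP's IPv6 resolver
}

# Address ranges that mean "this is on my LAN / this host", i.e. most likely
# the router acting as a DNS forwarder rather than an upstream resolver.
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fc00::/7", "fe80::/10", "::1/128",
)]

# Constructed sample: a client whose DHCP lease lists the router plus a
# public resolver the owner never configured (hijack-style symptom).
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP
search home.arpa
nameserver 192.168.0.1
nameserver 198.51.100.77
options timeout:2
"""

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


@dataclass
class Finding:
    resolver: str
    status: str  # expected | local-forwarder | unexpected-public | invalid
    note: str


def parse_resolvers(resolv_conf: str) -> list[str]:
    """Return nameserver addresses from resolv.conf-style text, in order."""
    return NAMESERVER_RE.findall(resolv_conf)


def classify_resolver(addr: str) -> Finding:
    """Decide whether a single resolver address is one you chose."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return Finding(addr, "invalid", "not a valid IP address")
    if addr in EXPECTED_RESOLVERS:
        return Finding(addr, "expected", "on the allow-list")
    if any(ip in net for net in LOCAL_NETWORKS):
        return Finding(addr, "local-forwarder",
                       "LAN address, probably the router; verify the "
                       "router's own upstream DNS setting in its admin UI")
    return Finding(addr, "unexpected-public",
                   "public resolver not on the allow-list; investigate")


def audit_resolvers(resolv_conf: str) -> list[Finding]:
    """Classify every resolver the client has been given."""
    return [classify_resolver(a) for a in parse_resolvers(resolv_conf)]


def compare_answers(configured: dict[str, set[str]],
                    trusted: dict[str, set[str]]) -> dict[str, tuple]:
    """Domains whose answers from the configured resolver differ from a
    trusted resolver's. Inputs map domain -> set of answer IPs (obtained
    separately; no network access here). CDN-fronted names can differ
    legitimately, so a mismatch is a lead to check, not proof of hijack."""
    return {d: (configured[d], trusted[d])
            for d in configured
            if d in trusted and configured[d] != trusted[d]}


if __name__ == "__main__":
    for f in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{f.resolver:20} {f.status:18} {f.note}")
    # Constructed answer sets for the comparison step.
    from_configured = {"mail.example.com": {"203.0.113.10"}}
    from_trusted = {"mail.example.com": {"192.0.2.80"}}
    print(compare_answers(from_configured, from_trusted))
```

On a real client, feed `audit_resolvers` the contents of `/etc/resolv.conf` (or the equivalent output of your OS's DNS settings) and populate `EXPECTED_RESOLVERS` from your ISP's documentation or the resolver you set on purpose. A `local-forwarder` result is not a clean bill of health: it only moves the question to the router's own upstream DNS field, which is exactly the setting the announcement says to verify.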
This incident highlights the ongoing threat of sophisticated cyberattacks targeting essential network infrastructure and underscores the critical need for individuals and organizations to prioritize cybersecurity hygiene and stay informed about emerging vulnerabilities.