The National Security Agency has joined the FBI to warn Americans that Russian military intelligence hackers have been exploiting vulnerable home and small office routers to steal sensitive information.
The FBI said the hackers have targeted routers worldwide to intercept data tied to military, government, and critical infrastructure networks.
The operation involves compromising small office and home office routers, then changing key internet settings so web traffic can be redirected through systems controlled by the attackers.
That can let the attackers capture passwords, authentication tokens, emails, and browsing activity that users would normally expect to remain protected.
The FBI said the activity has been linked to Russian GRU cyber actors known as APT28, Fancy Bear, and Forest Blizzard, and said the campaign has affected victims in the U.S. and other countries.
The warning says the group has been exploiting known router vulnerabilities, including a flaw affecting certain TP-Link devices, then narrowing its focus to information related to government, military, and critical infrastructure targets.
Because phones, laptops, and other devices rely on router settings to connect to the internet, a compromised router can expose far more than the router itself.
The FBI and NSA urged users to change default usernames and passwords, install the latest firmware updates, disable remote management from the internet, and replace devices that are no longer supported with security updates.
The agencies also said people should take browser and email certificate warnings seriously, because those warnings can signal an attempt to intercept secure traffic.
For employers that allow remote work, the guidance says companies should review how workers connect to sensitive systems, including the use of virtual private networks and more secure application settings.
The FBI said people who believe they may have been targeted should contact a local FBI field office or file a complaint with the Internet Crime Complaint Center.
The warning follows a recent Justice Department and FBI disruption of a GRU network of compromised routers used in malicious DNS hijacking operations, according to the public service announcement.
The safety advisory was issued with participation from multiple U.S. and international cyber and intelligence partners, in addition to the FBI and NSA.
Jim Mishler ✉
Jim Mishler, a seasoned reporter, anchor and news director, has decades of experience covering crime, politics and environmental issues.
© 2026 Newsmax. All rights reserved.