The FBI and NSA jointly announced that Russia has been systematically compromising the security of home routers and small offices since at least 2024.
They obtained a court order allowing them to remotely reset thousands of affected devices in the United States, but if yours is one of them, it needs to be replaced urgently…
CNET reports.
Federal agencies, including the FBI and NSA, revealed on April 7 that a unit of Russia’s military intelligence directorate, the GRU group known as APT28 or Fancy Bear, has been systematically compromising home and small office routers since at least 2024, using that access to intercept credentials, authentication tokens and sensitive communications. The agency took the unusual step of remotely resetting thousands of affected U.S. devices under a court order, but officials warn that without action from individual router owners, the problem is far from resolved.
However, the agencies say the affected routers are no longer receiving security updates and need to be replaced.
The good news is that the average 9to5Mac The reader is unlikely to use one of the affected routers as they are very old. The specific model referenced by the FBI was initially launched in 2007, although the UK’s National Cyber Security Center says other TP-Link models were targeted. These include:
- TP-Link TL-WR841N
- TP-Link LTE MR6400 Wireless N Router
- TP-Link Archer C5 Wireless Dual-Band Gigabit Router
- TP-Link Archer C7 Wireless Dual-Band Gigabit Router
- TP-Link WDR3600 Wireless Dual-Band Gigabit Router
- TP-Link WDR4300 Wireless Dual-Band Gigabit Router
- TP-Link WDR3500 Wireless Dual-Band Router
- TP-Link WR740N Lite N Wireless Router
- TP-Link WR740N/WR741ND Lite N Wireless Router
- TP-Link WR749N Lite N Wireless Router
- TP-Link Wireless N 3G/4G Router MR3420
- TP-Link WA801ND Wireless N Access Point
- TP-Link WA901ND Wireless N Access Point
- TP-Link WR1043ND Wireless N Gigabit Router
- TP-Link WR1045ND Wireless N Gigabit Router
- TP-Link WR840N Wireless N Router
- TP-Link WR841HP Wireless N Router
- TP-Link WR841N Wireless N Router
- TP-Link WR841N/WR841ND Wireless N Router
- TP-Link WR842N Wireless N Router
- TP-Link WR842ND Wireless N Router
- TP-Link WR845N Wireless N Router
- TP-Link WR941ND Wireless N Router
- TP-Link WR945N Wireless N Router
As none of these models are receiving firmware updates yet, they remain vulnerable to further attacks and need to be replaced.
It’s important with any router to make sure you enable automatic firmware updates and change the default admin username and password. Unless you specifically need to access your router remotely, it is also recommended to disable the remote management feature in the administrative settings.
Finally, the FBI specifically recommends that remote workers use a VPN when accessing sensitive data.
Photo by Jackson Sophat on Unsplash
FTC: We use automatic, revenue-generating affiliate links. More.