The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a public service announcement on April 7, 2026 warning that Russian GRU cyber actors—also known as APT28, Fancy Bear, and Forest Blizzard—have been using vulnerable small‑office home‑office (SOHO) routers to steal credentials and launch DNS hijacking. The agencies said a recent operation disrupted a GRU network that had compromised TP‑Link routers through CVE‑2023‑50224. The warning urges all router owners to change default usernames and passwords, disable remote management from the Internet, update firmware, and replace end‑of‑support devices. Organizations are also advised to review telework policies and use VPNs or hardened configurations. Report suspected attacks to the local FBI field office or the Internet Crime Complaint Center.
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.