FBI Warns of Router Security Risks After Russian Hacking Campaign

Russian military hackers compromised internet routers in more than 23 states, according to federal authorities, highlighting how vulnerable home and small-office networks can become when basic security measures are overlooked.

The U.S. Department of Justice and FBI recently announced a court-authorized operation to disrupt a cyber-espionage campaign conducted by Russian military intelligence. The operation targeted a network of compromised home and small-office routers that had been used to conceal cyberattacks and support intelligence-gathering activities.

The incident serves as a reminder that routers are often overlooked as a cybersecurity risk. While organizations typically focus on endpoint protection, email security, and multi-factor authentication, the network equipment that connects users to the internet remains a critical line of defense. A compromised router can allow attackers to monitor traffic, hide malicious activity, or use the device as part of a larger cyberattack infrastructure.

Russian Military Hackers Used Compromised Routers for Cyber-Espionage 

According to federal officials, the attackers compromised thousands of internet-connected routers and changed their Domain Name System (DNS) settings. This technique, known as DNS hijacking, allows hackers to redirect internet traffic through systems they control, potentially giving them access to sensitive information. 

While the campaign primarily targeted organizations connected to government, military, and critical infrastructure sectors, many of the compromised devices belonged to consumers and small businesses. According to the FBI, the Russian operation compromised routers owned by Americans in more than 23 states as part of a broader global cyber-espionage campaign. Although the announcement does not reveal which states were impacted, CNET provided a list of affected devices. 

As part of the operation, federal agents remotely removed malicious configurations and blocked the attackers from regaining access to U.S.-based devices. Officials said the action did not disrupt normal internet service or collect users’ personal data. 

How DNS Hijacking Works 

DNS serves as the internet’s address book, translating website names into the numerical addresses computers use to communicate. 

When hackers alter a router’s DNS settings, they can redirect users to fraudulent websites, intercept internet traffic, or capture login credentials and other sensitive information. Because the router sits between users and the internet, a compromised device can affect every computer, smartphone, and connected device on the network. 

Why Home Routers Matter to Business Security and to HIPAA Compliance

For organizations with remote employees, home routers can become a pathway into business systems if proper security controls are not in place. A vulnerable router may allow attackers to monitor internet traffic, redirect users to malicious websites, or facilitate additional attacks against connected devices. 

As hybrid and remote work environments continue to expand, organizations should consider including router security in remote-work security policies and ensure it’s covered in employee cybersecurity awareness and training programs.

Both the HIPAA Privacy and Security Rules have specific requirements regarding workforce training, security reminders, and periodic updates. Additionally, HHS’s proposed updates to the HIPAA Security Rule would strengthen existing workforce training requirements by placing greater emphasis on ongoing cybersecurity education and accountability. 

Six Steps to Protect Home and Small Office Routers 

While the FBI’s action successfully disrupted this specific campaign, the broader lesson remains clear: maintaining secure, up-to-date network equipment is critical to protecting both personal and organizational data. Employees should be trained on how to secure their home networks, particularly those who access business systems remotely, and incorporate router security into ongoing cybersecurity awareness efforts. 

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and international cybersecurity partners recommend the following actions to help reduce risk: 

1. Replace Unsupported Routers. Older routers that no longer receive security updates are especially vulnerable. Replace end-of-life devices whenever possible. 
2. Install Firmware Updates. Router manufacturers regularly release patches for known vulnerabilities. Enable automatic updates if available. 
3. Change Default Credentials. Verify that default administrator usernames and passwords have been replaced with strong, unique credentials. 
4. Review DNS Settings. Ensure your router is using legitimate DNS servers provided by your internet service provider or a trusted DNS provider and that settings have not been modified without authorization. 
5. Disable Remote Management. Turn off remote management features unless they are specifically required for business operations. 
6. Watch for Security Certificate Warnings. Unexpected browser security warnings may indicate attempts to intercept or redirect traffic. 

Russian Cyber Threats Remain a Continuing Concern 

The router-hacking campaign is the latest example of ongoing cyber activity linked to Russian threat actors. Over the past several years, the FBI, CISA, the NSA, and international partners have tracked pro-Russia hacking groups targeting organizations and critical infrastructure sectors worldwide. 

In a joint cybersecurity advisory updated in December 2025, the agencies emphasized the importance of basic security measures, including keeping remote access services and software up to date with the latest patches and security updates. 

This latest FBI operation demonstrates that federal agencies continue to actively monitor and disrupt Russian cyber threats, while organizations must remain vigilant in securing their own systems and networks.

FAQ: Router Security and Cyber Threats