
Hackers Are Turning Old Home Routers Into Criminal Proxies, FBI Warns

Russian state-sponsored hackers quietly turned outdated home and small office routers into an espionage tool, and the FBI has now taken the unusual step of naming specific models that should be shut off or replaced. The warning drags a long-running problem into the spotlight: cheap, aging networking gear that vendors no longer support has become low-hanging fruit for some of the most capable hacking groups in the world.

For households and small businesses that treat the router as a “set it and forget it” appliance, the message is blunt. If the device is on the FBI’s list, it is no longer safe to sit on a shelf humming along in the background.

How the FBI’s router warning reshaped an old security problem

The current alarm traces back to a long-running campaign by the Russian military intelligence group commonly tracked as APT28. Security agencies describe APT28 as a unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation that has repeatedly targeted Western governments, media, and critical infrastructure. Earlier this year, the United Kingdom’s National Cyber Security Centre detailed how APT28 exploited vulnerable home and small office routers to carry out DNS hijacking operations, effectively turning consumer hardware into a covert staging ground.

In that advisory, the group was said to have compromised routers that were no longer receiving security updates, then changed their DNS settings so that victims who thought they were visiting legitimate websites were silently redirected to infrastructure controlled by Russian operators. The technique allowed the attackers to harvest credentials and monitor traffic without ever touching the victim’s laptop or phone. The routers became invisible middlemen, trusted by every device on the local network.
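A defender-side check for the DNS tampering described above, as an added example that is not taken from the advisories: it audits the resolvers a client was handed against an allow-list of resolvers the owner actually chose. The sample configuration, the allow-list and the verdict names are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolver config as a client might receive it over DHCP.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 9.9.9.9
nameserver not-an-ip
"""

# Assumption: the resolvers this household intentionally uses.
EXPECTED = {"192.168.1.1", "9.9.9.9"}

# Ranges that can only be on the local network or the host itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]


def parse_nameservers(text):
    """Return nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.strip().split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(text, expected):
    """Classify each configured resolver as a (value, verdict) pair."""
    findings = []
    for raw in parse_nameservers(text):
        try:
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            addr = ipaddress.ip_address(raw.split("%", 1)[0])
        except ValueError:
            findings.append((raw, "malformed"))
            continue
        if str(addr) in expected:
            verdict = "expected"
        elif any(addr in net for net in LOCAL_NETS):
            verdict = "unlisted-local"       # unknown device on the LAN
        else:
            verdict = "unexpected-external"  # resolver nobody here chose
        findings.append((raw, verdict))
    return findings
```

An "expected" verdict for the router's own LAN address only shows that the client trusts the router; the upstream DNS servers the router itself forwards to still have to be checked in its admin interface.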

The FBI’s recent public guidance built on that technical picture and made it personal for American users. Investigators said Russian hackers hijacked old Wi-Fi routers across the United States and used them as part of a broader espionage effort. In that guidance, the bureau named specific models that had been abused, including older home routers that many internet subscribers received from their broadband providers and never replaced. The agency urged owners to disconnect and replace the affected hardware, warning that simple reboots or factory resets would not reliably remove the attackers’ foothold because the devices lacked modern protections.

Security researchers who analyzed the campaign described how the attackers installed custom malware on compromised routers, then used them as relays to disguise follow-on intrusions. Rather than connecting directly from Russian infrastructure to a government or corporate network, the operators could bounce through a random home in, for example, Ohio or Arizona. That made the malicious traffic blend in with normal residential internet activity and complicated efforts to trace attacks back to their origin.

Why hijacked home routers are a national security problem

The technical details would matter less if the impact were limited to a handful of hobbyists, but the scale of the operation has been significant. One report tied the activity to attacks on home routers across 23 U.S. states, where Russia’s military hackers quietly conscripted consumer devices into their infrastructure. Those routers sat in living rooms, small offices, and home labs, but from the perspective of a targeted government network they looked like ordinary American users.

That blending effect is what elevates the issue from a nuisance to a national security concern. When foreign intelligence services route their operations through consumer hardware, every compromised router becomes a cutout between the attacker and the real target. Law enforcement and defenders who see malicious traffic arriving from a random Comcast or Spectrum subscriber face a harder task in deciding whether to block, investigate, or ignore it. Blocking too aggressively can disrupt legitimate users, while being too permissive gives cover to sophisticated adversaries.

There is also a direct privacy angle for the people who own the hijacked devices. A detailed technical analysis by security researchers described how Russian state-sponsored hackers installed malware on home and small office routers to capture network traffic, steal credentials, and proxy connections. The report explained that the operation targeted specific brands and firmware versions that had reached end of life, which meant they were no longer receiving fixes for known vulnerabilities. The researchers warned that home and small office routers with outdated software effectively functioned as open doors.

For victims, that translated into a quiet but serious loss of control. Anyone who logged in to webmail, corporate VPN portals, banking sites, or cloud services through a compromised router risked having their credentials intercepted on the wire. Unlike malware on a laptop, which might slow down the system or trigger antivirus alerts, router infections can run for months without obvious symptoms. The FBI warning is therefore less a reaction to a new vulnerability and more a recognition that this attack surface has been neglected for years.

Timing also matters because home networks now carry far more sensitive traffic than in the past. Many employees continue to connect to corporate systems from home offices. Smart TVs, security cameras, and voice assistants all rely on the same gateway. A compromised router in a suburban house can be a stepping stone into a defense contractor’s remote access system or a way to spy on video feeds from an internet-connected camera. The line between “home” and “enterprise” infrastructure has blurred, but the routers at the center of that convergence are often still treated as disposable appliances.

What owners of at-risk routers should expect next

The FBI’s decision to publicly list affected models is likely to trigger a wave of replacement notices from internet service providers and router manufacturers. Many broadband companies already manage fleets of customer-premises equipment and can see which subscribers are still using hardware that matches the FBI’s description. Customers can expect emails or mailed notices urging them to swap out older devices, sometimes at no additional cost, as providers race to get unsupported gear off their networks.

Security agencies are also expected to keep pressing vendors to design routers with longer support lifecycles and clearer end-of-life messaging. In the past, a consumer might buy a router like a Netgear N600 or a TP-Link Archer C7 and run it for a decade without thinking about firmware updates. Under the new reality, regulators and law enforcement are treating routers more like smartphones, where regular updates and planned retirement dates are part of responsible ownership. The public advisories about old Wi-Fi routers are an early sign of that shift.

For individual users, the immediate next steps are relatively clear, even if they are inconvenient. Owners of devices on the FBI’s list should replace them outright rather than trying to harden them. Those who are unsure of their model can check the label on the bottom of the router and compare it against their provider’s current supported hardware list. Upgrading to a modern router that still receives firmware updates closes off the specific vulnerabilities exploited by APT28 and similar groups.

Beyond replacement, security professionals recommend a few habits that reduce the risk of future hijacking. Router admin interfaces should be protected with strong, unique passwords instead of the factory defaults printed on the sticker. Automatic firmware updates should be enabled wherever possible, and remote management features that expose the router’s control panel directly to the internet should be disabled unless absolutely necessary. Users who rely on their routers for remote work should also consider segmenting their networks, for example by placing work laptops on a separate Wi-Fi network from smart home gadgets.

On the policy side, the campaign against aging routers is likely to feed into broader efforts to set minimum security standards for connected devices. Governments have already begun pushing for labels that indicate whether products receive updates and for how long. The revelation that a Russian military intelligence unit successfully built an espionage platform out of neglected home routers across dozens of states will strengthen arguments for mandatory security baselines and clearer communication when devices fall out of support.
