Explore

Rapid Read Rapid Read
FBI Remotely Patches Routers to Counter Russian GRU Cyber Espionage

FBI Remotely Patches Routers to Counter Russian GRU Cyber Espionage

The FBI, in collaboration with the US Department of Justice, has executed a remote patching operation on thousands of privately-owned routers in the United States. This action, part of Operation Masquerade, was authorized by court orders to counteract Russian military intelligence activities. The Russian GRU had been exploiting vulnerabilities in routers, primarily from TP-Link and Mikrotik, to redirect user traffic through malicious DNS resolvers, thereby capturing sensitive data such as passwords. The FBI's intervention involved replacing these malicious resolvers with legitimate ones provided by users' internet service providers. This operation was conducted without prior notification to the router owners, but extensive testing ensured no disruption to normal router functionality. The GRU's activities, attributed to the cyber threat group Fancy Bear, had been ongoing since at least 2024, affecting over 18,000 routers globally by the end of 2025.
Rapid Read Rapid Read
FBI Remotely Patches Routers to Counter Russian Cyber Espionage

FBI Remotely Patches Routers to Counter Russian Cyber Espionage

The FBI, in collaboration with the NSA and international partners, conducted Operation Masquerade to remotely patch thousands of privately-owned routers in the U.S. and other countries. This operation aimed to evict Russian military intelligence operatives, specifically the GRU, who had been exploiting vulnerabilities in routers to redirect user traffic and harvest sensitive data. The routers, primarily from TP-Link and Mikrotik, were compromised by inserting malicious DNS resolvers. The FBI used court-authorized commands to replace these with legitimate resolvers, effectively neutralizing the threat. This operation highlights the ongoing cyber espionage activities by Russian intelligence and the proactive measures taken by U.S. law enforcement to protect national security.
Rapid Read Rapid Read
FBI Remotely Patches Routers to Counter Russian GRU Espionage

FBI Remotely Patches Routers to Counter Russian GRU Espionage

The U.S. Federal Bureau of Investigation (FBI) has executed a remote patching operation on thousands of privately owned routers in the United States to remove malicious software installed by Russian military intelligence, known as the GRU. This operation, named Operation Masquerade, was conducted without the prior knowledge of the router owners but was authorized by a court. The GRU had exploited vulnerabilities in routers manufactured by TP-Link and Mikrotik to redirect user traffic to sites that could capture sensitive data such as login credentials. The FBI's intervention involved replacing the malicious DNS resolvers with legitimate ones provided by users' internet service providers. This action was part of a broader effort to counteract a campaign by the GRU, which had been active since at least 2024, targeting routers worldwide to alter DNS settings and redirect traffic to Russian-controlled servers.
Rapid Read Rapid Read
FBI's Operation Masquerade Disrupts Russian GRU's Router-Based Cyberespionage

FBI's Operation Masquerade Disrupts Russian GRU's Router-Based Cyberespionage

The FBI, in collaboration with U.S. and foreign government agencies, has successfully executed Operation Masquerade, a strategic takedown of a cyberespionage campaign orchestrated by APT28, also known as Fancy Bear, linked to Russia's Main Intelligence Directorate of the General Staff (GRU). This operation targeted over 18,000 compromised TP-Link routers used in small and home offices, which had been infiltrated to provide the Russian GRU with extensive access to internet traffic. The operation involved resetting the Domain Name System (DNS) settings on these routers to prevent further exploitation. Brett Leatherman, assistant director of the FBI's cyber division, highlighted the unique challenge posed by this attack, as it was virtually invisible to end users and did not involve traditional malware deployment.
Rapid Read Rapid Read
German Intelligence Agency Warns of Russian Cyber Espionage Targeting Critical Infrastructure

German Intelligence Agency Warns of Russian Cyber Espionage Targeting Critical Infrastructure

Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), has issued a warning regarding cyberattacks by the Russian state-linked hacker group APT28, also known as 'Fancy Bear'. The group has reportedly compromised vulnerable TP-Link internet routers to spy on military, government, and critical infrastructure targets. The warning was issued in collaboration with Germany's foreign intelligence agency, BND, and the US FBI. APT28 is attributed to Russia's military intelligence service, the GRU, and has previously carried out cyberattacks on Germany's parliament, the centre-left SPD political party, and air traffic control authorities.
Rapid Read Rapid Read
German Intelligence Agency Warns of Russian APT28 Cyber Spying Targeting Critical Infrastructure

German Intelligence Agency Warns of Russian APT28 Cyber Spying Targeting Critical Infrastructure

Germany's domestic intelligence agency has issued a warning regarding cyberattacks by the Russian state-linked hacker group APT28, also known as 'Fancy Bear'. The group has reportedly compromised vulnerable TP-Link internet routers to spy on military, government, and critical infrastructure targets. The Federal Office for the Protection of the Constitution (BfV) collaborated with Germany's foreign intelligence agency, BND, and the US FBI to issue this warning. APT28 is attributed to Russia's military intelligence service, the GRU, and has previously targeted Germany's parliament, the centre-left SPD political party, and air traffic control authorities. The BfV noted that several thousand routers globally, including around 30 in Germany, were attacked, leading to some operators replacing affected routers.
Rapid Read Rapid Read
US Authorities Disrupt Russian Espionage Operation Using Hacked Routers

US Authorities Disrupt Russian Espionage Operation Using Hacked Routers

The US Justice Department and the FBI have announced the disruption of a Russian espionage operation involving hacked SOHO routers. The operation was linked to the threat actor known as APT28, Forest Blizzard, and Fancy Bear, believed to be backed by Russia's GRU. The hackers targeted vulnerable TP-Link and MikroTik routers, altering their DHCP and DNS settings to redirect traffic through their infrastructure. This adversary-in-the-middle attack allowed the capture of encrypted traffic, including passwords and emails. The attack exploited a known vulnerability, CVE-2023-50224, to control TP-Link routers. Microsoft identified over 200 organizations and 5,000 consumer devices affected by the attack, which began in August 2025.
Rapid Read Rapid Read
Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks

Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks

Several critical infrastructure organizations in the United States have been disrupted by cyberattacks linked to Iranian threat actors. According to a joint advisory from federal agencies including the FBI, CISA, NSA, EPA, DOE, and United States Cyber Command, these attacks have targeted operational technology (OT) devices across multiple sectors such as government services, water and wastewater systems, and energy sectors. The attackers have focused on internet-exposed programmable logic controllers (PLCs), particularly those manufactured by Rockwell Automation/Allen-Bradley. The advisory warns that the attacks have led to disruptions through malicious interactions with project files and manipulation of data on human machine interface (HMI) and supervisory control and data acquisition (SCADA) displays.
Rapid Read Rapid Read
Iran-Linked Hackers Target U.S. Critical Infrastructure, Causing Operational Disruptions

Iran-Linked Hackers Target U.S. Critical Infrastructure, Causing Operational Disruptions

Hackers affiliated with the Iranian government have been disrupting operations at multiple U.S. critical infrastructure sites. This activity is reportedly in response to ongoing geopolitical tensions between the U.S. and Iran. According to a joint advisory from several U.S. agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency, the hackers are targeting programmable logic controllers (PLCs) used in various industrial settings such as factories, water treatment centers, and oil refineries. These devices serve as interfaces between computers and physical machinery, and their compromise can lead to significant operational disruptions and financial losses. The advisory highlights that since March 2026, an Iranian-affiliated advanced persistent threat (APT) group has been identified as disrupting PLC functions across multiple sectors, including government services, wastewater systems, and energy.
Reuters Reuters
US disrupts Russian military-run DNS hijacking network, Justice Department says

US disrupts Russian military-run DNS hijacking network, Justice Department says

WASHINGTON, April 7 (Reuters) - The U.S. Justice Department said on Tuesday it carried out a court-authorized disruption of a DNS hijacking network controlled by a Russian military intelligence unit.
Rapid Read Rapid Read
FBI Dismantles Russia-Backed Espionage Network Targeting Global Routers

FBI Dismantles Russia-Backed Espionage Network Targeting Global Routers

The FBI, in collaboration with several cybersecurity organizations, has dismantled a Russia-backed espionage network that compromised over 18,000 routers worldwide. Known as Forest Blizzard or APT28, the group exploited vulnerabilities in TP-Link routers to conduct espionage activities. The operation, dubbed Operation Masquerade, involved resetting DNS settings to prevent further exploitation. The espionage network targeted government agencies and critical infrastructure sectors, posing a significant national security threat. The FBI's intervention has halted the campaign, with no evidence of compromised U.S. government agencies.
Rapid Read Rapid Read
Germany's Intelligence Agencies Warn of Russian APT28 Cyber Espionage Targeting Critical Infrastructure

Germany's Intelligence Agencies Warn of Russian APT28 Cyber Espionage Targeting Critical Infrastructure

Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), has issued a warning about cyberattacks by the Russian state-linked hacker group APT28, also known as Fancy Bear. This group has been identified as compromising vulnerable TP-Link internet routers to spy on military, government, and critical infrastructure targets. The warning was issued in collaboration with Germany's foreign intelligence agency, BND, and the U.S. FBI. APT28 is attributed by Western governments to Russia's military intelligence service, the GRU. The group has previously conducted cyberattacks on Germany's parliament, the centre-left SPD political party, and air traffic control authorities.